diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7099c7a059ed57105c22f1808267c6c081ffbebd..4d76aad9b6399f3d6eae28c8c35e11cc3c25e78d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,50 +2,77 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [1.10.3-bb.1] + +### Changed + +- Update Istio proxy and proxy init pods to be in compliance with opa gatekeeper. + ## [1.10.3-bb.0] + ### Changed + - Update to Istio 1.10.3 ## [1.9.7-bb.1] + ### Added + - Default configuration to hold application start until istio proxy is ready ## [1.9.7-bb.0] + ### Changed + - Update to Istio 1.9.7 ## [1.8.4-bb.6] + ### Changed + - **BREAKING** `ingressGateway` deprecated in favor of creating `ingressGateways` in a uniform manner - **BREAKING** `gateway` deprecated in favor of creating `gateways` in a uniform manner ## [1.8.4-bb.5] + ### Fixed + - Kube API egress allowed for all pods, not just istiod ## [1.8.4-bb.4] + ### Added + - Kube API egress networkpolicy ## [1.8.4-bb.3] + ### Added + - Added network policies for istio ## [1.8.4-bb.2] + ### Fixed + - fixed bug with indentation when providing resources to istio ingressgateways ## [1.8.4-bb.1] + ### Fixed + - updated dsop.io registry hostname to dso.mil ## [1.7.3-bb.1] + ### Added + - Top level "sso" values designation. This will enable an haproxy package installation in the desired namespace (sso.namespace: istio-addons-sso) that in conjunction with authservice package will place an SSO gate in front of Kiali+Jaeger UIs. - Top level "ingress" values designation. This will control configuration for the virtualservices created. Leave empty with sso.enabled = false to have the virtualservices go straight to the kiali/jaeger UIs. Leave empty with sso.enabled = true to place the haproxy+authservice injection in front of kiali/tracing. Fill in with your own service/port if customizing the installation/services. 
- New Jaeger+Kiali VirtualServices pointing to the haproxy installation will be installed when "sso.enabled: true" - sso.selector variable sets the label that will be applied to the authservice EnvoyFilter placing the SSO page in front of the regular UIs. Must match the selector for "authservice.selector.key/value". ### Changed + - Jaeger+Kiali VirtualServices pointing directly to the UIs will be skipped when "sso.enabled: true" - Jaeger+Kiali VirtualServices pull in their configs from the "ingress" designation so VirtualServices can be customized.
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index ecf3ed66cd0b73838eb32aeae778a27e59be164e..174a0ada1f3da686354c37f891f089f23c0f58d3 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,3 +1,3 @@
 apiVersion: v2
 name: istio
-version: 1.10.3-bb.0
+version: 1.10.3-bb.1
diff --git a/chart/templates/controlplane.yaml b/chart/templates/controlplane.yaml
index 281edcdfa2abb0f8297e8d40f01f6054995057b6..f7cdca4b03efeea89df4fd84f67de2c323267757 100644
--- a/chart/templates/controlplane.yaml
+++ b/chart/templates/controlplane.yaml
@@ -127,4 +127,4 @@ spec:
 - matchExpressions:
 - key: app.kubernetes.io/component
 operator: In
- values: [fluentd-configcheck]
+ values: [fluentd-configcheck]
\ No newline at end of file
diff --git a/chart/values.yaml b/chart/values.yaml
index edbd32b53f2211ffb7eba264818316e767989d46..6ce0b1a0fb0addeb68ac04979ab83743dc680f9f 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -28,16 +28,10 @@ ingressGateways: k8s: # Set any value from https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec # hpaSpec: By default, HPA is set from 1-5 instances with a target average utilization of 80% resources: {} - # requests: - # cpu: 500m - # memory: 1Gi - # limits: - # cpu: 1.5 - # memory: 3Gi service: type: "LoadBalancer" # or "NodePort" # ports: By default ports 15021 (status), 80, 443, and 15443 (SNI Routing) are setup - podAnnotations: {} # https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + podAnnotations: {} # https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ serviceAnnotations: {} # https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ nodeSelector: {} # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector affinity: {} # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity @@ -145,6 +139,7 @@ cni: podAnnotations: {} # k8s nodeSelector. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} + # k8s affinity / anti-affinity. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity affinity: {} # k8s toleration https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ @@ -154,8 +149,23 @@ cni: meshConfig: {} values: - global: {} - + global: + proxy: + resources: + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: 100m + memory: 256Mi + proxy_init: + resources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 100m + memory: 256Mi networkPolicies: enabled: false # See `kubectl cluster-info` and then resolve to IP
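Review bot: In the last values.yaml hunk (`values.global.proxy` and `proxy_init`), the sidecar CPU limit is set equal to its request at `100m`, so every injected istio-proxy is capped at a tenth of a core; because the proxy sits in the data path of each workload (and handles mTLS where that is enabled), throttling or an OOM kill at `256Mi` becomes an availability problem for the application, not just for the sidecar. The values do give the containers requests and limits, but nothing in the hunk says that this is why they exist or how an operator should tune them. I would add a comment above `proxy:` such as `# Requests/limits are set so injected sidecars pass the Gatekeeper resource checks; size for your traffic or override per pod with the sidecar.istio.io/proxyCPULimit and sidecar.istio.io/proxyMemoryLimit annotations`, and consider a CPU limit higher than the request. The `proxy_init` block also lists `limits` before `requests` while `proxy` does the reverse; keeping one order makes the two blocks easier to compare.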