Istio Gateway Sidecar

I’ve deployed an Istio ingress gateway but am unable to get the automatic sidecar injection to work with the gateway. Running Istio 1.18.0. Any help would be greatly appreciated.

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "2"
    meta.helm.sh/release-name: istio-ingressgateway
    meta.helm.sh/release-namespace: istio-ingress
  creationTimestamp: "2023-06-13T05:54:57Z"
  generation: 3
  labels:
    app: istio-ingressgateway
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: istio-ingressgateway
    app.kubernetes.io/version: 1.18.0
    helm.sh/chart: gateway-1.18.0
    istio: ingressgateway
  name: istio-ingressgateway
  namespace: istio-ingress
  resourceVersion: "15794248"
  uid: 1e460168-ad83-45f7-b7ea-461b96229088
spec:
  progressDeadlineSeconds: 600
  replicas: 2
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: istio-ingressgateway
      istio: ingressgateway
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      annotations:
        inject.istio.io/templates: gateway
        prometheus.io/path: /stats/prometheus
        prometheus.io/port: "15020"
        prometheus.io/scrape: "true"
        sidecar.istio.io/inject: "true"
      creationTimestamp: null
      labels:
        app: istio-ingressgateway
        istio: ingressgateway
        istio.io/rev: default
        sidecar.istio.io/inject: "true"
    spec:
      containers:
      - image: auto
        imagePullPolicy: Always
        name: istio-proxy
        ports:
        - containerPort: 15090
          name: http-envoy-prom
          protocol: TCP
        resources:
          limits:
            cpu: "2"
            memory: 1Gi
          requests:
            cpu: 100m
            memory: 128Mi
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          privileged: false
          readOnlyRootFilesystem: true
          runAsGroup: 1337
          runAsNonRoot: true
          runAsUser: 1337
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext:
        sysctls:
        - name: net.ipv4.ip_unprivileged_port_start
          value: "0"
      serviceAccount: istio-ingressgateway
      serviceAccountName: istio-ingressgateway
      terminationGracePeriodSeconds: 30