Cannot handle traffic to port 443 if k8s ingress enabled

I have istio 1.2.2 installed using helm, on GKE.
I use the same ingressgateway config for port 443 and 31500.
Some how, I able to connect to my service via port 31500 but not 443 (also, cannot use port 80 for service without HTTPS setup).

By an extreme luck, I go past this solution https://github.com/istio/istio/issues/6566#issuecomment-498822405 say I need to disable k8sIngress, I follow and some how it success.
In the past I follow this topic to work with cert-manager https://istio.io/docs/tasks/traffic-management/ingress/ingress-certmgr/

The question are:

  • What is the root cause of the issue? Maybe disable k8sIngress is just a work-around.
  • What can I do to provide more context about this issue?
  • Is it OK to disable k8sIngress when still using cert-manager? Do cert-manager need to have a ingress when renew certs?
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: {{ include "my-app.fullname" . }}
  labels:
{{ include "my-app.labels" . | indent 4 }}
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    hosts:
    - "{{ .Values.publicAddresses.api }}"
    tls:
      credentialName: cert-{{ .Values.publicAddresses.api }}
      mode: SIMPLE
      privateKey: sds
      serverCertificate: sds
  - port:
      number: 31500
      name: grpc-api
      protocol: HTTPS
    hosts:
    - "{{ .Values.publicAddresses.api }}"
    tls:
      credentialName: cert-{{ .Values.publicAddresses.api }}
      mode: SIMPLE
      privateKey: sds
      serverCertificate: sds
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: {{ include "my-app.fullname" . }}
  labels:
{{ include "my-app.labels" . | indent 4 }}
spec:
  hosts:
  - "{{ .Values.publicAddresses.api }}"
  gateways:
  - {{ include "my-app.fullname" . }}
  http:
  - match:
    - uri:
        prefix: /manabie.bob
    route:
    - destination:
        host: {{ .Release.Name }}-bob
        port:
          number: 5050
  - match:
    - uri:
        prefix: /manabie.tom
    route:
    - destination:
        host: {{ .Release.Name }}-tom
        port:
          number: 5050