ISTIO egress gateway for databases

Networking
1

I have installed istio with istioctl in my k8s with this command :

istioctl install -s "components.egressGateways[0].name=istio-egressgateway" -s "components.egressGateways[0].enabled=true" --set "values.gateways.istio-egressgateway.ports[0].port=80" --set "values.gateways.istio-egressgateway.ports[0].name=http" --set "values.gateways.istio-egressgateway.ports[1].port=443" --set "values.gateways.istio-egressgateway.ports[1].name=https" --set "values.gateways.istio-egressgateway.ports[2].port=27017" --set "values.gateways.istio-egressgateway.ports[2].name=mongo" --set "values.gateways.istio-egressgateway.ports[3].port=3306" --set "values.gateways.istio-egressgateway.ports[3].name=mysql" --set "values.gateways.istio-egressgateway.ports[4].port=3307" --set "values.gateways.istio-egressgateway.ports[4].name=mysql1"

then i have create serviceentry with this file:

apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"networking.istio.io/v1alpha3","kind":"ServiceEntry","metadata":{"annotations":{},"name":"mysql","namespace":"istio-system"},"spec":{"addresses":["170.187.156.142/32"],"endpoints":[{"address":"170.187.156.142"}],"hosts":["my-mysql.tcp.svc"],"location":"MESH_EXTERNAL","ports":[{"name":"tcp","number":3306,"protocol":"TCP"}],"resolution":"STATIC"}}
  creationTimestamp: "2022-04-11T07:37:54Z"
  generation: 5
  name: mysql
  namespace: istio-system
  resourceVersion: "1506047"
  uid: 4b872f99-97b6-4e4e-a9fc-8f9763422224
spec:
  addresses:
  - 170.187.XX.XX/32
  endpoints:
  - address: XX.XX.XX.XX
  hosts:
  - my-mysql.tcp.svc
  location: MESH_EXTERNAL
  ports:
  - name: tcp
    number: 3306
    protocol: TCP
  resolution: STATIC

then i have created gateway with this file:

apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"networking.istio.io/v1alpha3","kind":"Gateway","metadata":{"annotations":{},"name":"istio-egressgateway","namespace":"istio-system"},"spec":{"selector":{"istio":"egressgateway"},"servers":[{"hosts":["my-mysql.tcp.svc"],"port":{"name":"tcp","number":3306,"protocol":"TCP"}}]}}
  creationTimestamp: "2022-04-11T07:13:09Z"
  generation: 7
  name: istio-egressgateway
  namespace: istio-system
  resourceVersion: "1506384"
  uid: af4f8b04-b0ce-41e2-9c71-008221ae3c64
spec:
  selector:
    istio: egressgateway
  servers:
  - hosts:
    - '*'
    port:
      name: tcp
      number: 3306
      protocol: TCP

then i have created destination rule with this file:

apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"networking.istio.io/v1alpha3","kind":"DestinationRule","metadata":{"annotations":{},"name":"egressgateway-for-mysql","namespace":"istio-system"},"spec":{"host":"istio-egressgateway.istio-system.svc.cluster.local","subsets":[{"name":"mysql"}]}}
  creationTimestamp: "2022-04-11T07:37:59Z"
  generation: 1
  name: egressgateway-for-mysql
  namespace: istio-system
  resourceVersion: "895373"
  uid: a861360a-5bfc-4d6e-adc8-d784e2f8f543
spec:
  host: istio-egressgateway.istio-system.svc.cluster.local
  subsets:
  - name: mysql

and finally created VirtualService with this file:

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"networking.istio.io/v1alpha3","kind":"VirtualService","metadata":{"annotations":{},"name":"direct-mysql-through-egress-gateway","namespace":"istio-system"},"spec":{"gateways":["mesh","istio-egressgateway"],"hosts":["my-mysql.tcp.svc"],"tcp":[{"match":[{"destinationSubnets":["170.187.156.142/32"],"gateways":["mesh"],"port":3306}],"route":[{"destination":{"host":"istio-egressgateway.istio-system.svc.cluster.local","port":{"number":3306},"subset":"mysql"}}]},{"match":[{"gateways":["istio-egressgateway"],"port":3306}],"route":[{"destination":{"host":"my-mysql.tcp.svc","port":{"number":3306}},"weight":100}]}]}}
  creationTimestamp: "2022-04-11T07:38:02Z"
  generation: 8
  name: direct-mysql-through-egress-gateway
  namespace: istio-system
  resourceVersion: "1505867"
  uid: eb04cc8c-6183-4b7c-a97f-d01c2755c05b
spec:
  gateways:
  - mesh
  - istio-egressgateway
  hosts:
  - my-mysql.tcp.svc
  tcp:
  - match:
    - destinationSubnets:
      - 170.187.156.142/32
      gateways:
      - mesh
      port: 3306
    route:
    - destination:
        host: istio-egressgateway.istio-system.svc.cluster.local
        port:
          number: 3306
        subset: mysql
  - match:
    - gateways:
      - istio-egressgateway
      port: 3306
    route:
    - destination:
        host: my-mysql.tcp.svc
        port:
          number: 3306
      weight: 100

It is working fine i am checking the ip via TCPdump in mysql server and i am getting the istio-egressgateway node ip but i dont know the approach if i want to add second mysql server ip with diffrent port and want to route that too via egressGW .