Istioctl proxy-config and Envoy's config file and routes

I’m trying to understand how Istio handles incoming traffic.

So, we have an Istio IngressGateway:

$ kk -n istio-system get svc istio-ingressgateway
NAME                   TYPE           CLUSTER-IP     EXTERNAL-IP                                                               PORT(S)                                                                      AGE
istio-ingressgateway   LoadBalancer   af0***   15021:32005/TCP,80:32180/TCP,443:30582/TCP,31400:30061/TCP,15443:31357/TCP   4d5h

It has a Listener on port 80 which sends traffic to a WorkerNode port 32180.

On the WorkerNode from the 32180 port via IPTABLES chains, a packet is sent to the, which is a Docker container with Envoy which is an istio-ingressgateway-7cbb78c4bc-dggwc pod.

Finally, it has a Route created via a VirtualService:

$ istioctl -n istio-system proxy-config route istio-ingressgateway-7cbb78c4bc-dggwc
NOTE: This output only contains routes loaded via RDS.
NAME        DOMAINS     MATCH                  VIRTUAL SERVICE
http.80     *           /test-uri*             test-virtualservice.test-namespace

But if I’m checking its /etc/istio/proxy/envoy-rev0.json file in the container - there is nothing about the /test-uri URI or port 80.

So - where is this configured inside of the Envoy’s container/istio-ingressgateway’s Pod?
How the traffic is routed to a Kubernetes Service test-virtualservice.test-namespace?
There are no iptables rules in the container’s namespace.