Port named "grpc" lacks listener, breaks connection?

What happens when a service’s port is named “grpc” under Istio?

I discovered that meshed pods could not talk to CockroachDB because of port naming. I installed CockroachDB outside the mesh, in a namespace that Istio does not inject, using helm install --namespace non-istio --name my-release stable/cockroachdb.

I discovered the non-meshed clients could talk to this instance, but meshed pods cannot. I traced this to the Service created by the helm chart:

apiVersion: v1
kind: Service
metadata:
  name: my-release-cockroachdb-public
  namespace: non-istio
spec:
  ports:
  - name: grpc
    port: 26257
    protocol: TCP
    targetPort: 26257
  - name: http
    port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    component: my-release-cockroachdb
  type: ClusterIP

If I changed “grpc” to “plain” it worked.

What does it mean when a Service port is named “grpc”? The Istio docs just say the name is needed to take advantage of routing features. What I noticed was that the CockroachDB helm chart author’s choice to name the port “grpc” caused Envoy to lack a listener.

Anyone wishing to experiment can test the same way I did. I did kubectl -n <ns> run -it cockroach-client --image=cockroachdb/cockroach --restart=Never --command bash and ran the command ./cockroach sql --insecure --host my-release-cockroachdb-public.test --execute "SHOW DATABASES". This works from non-injected namespaces, and from injected namespaces if the K8s Service Port is not named “grpc”.