The meaning and significance of Server 's port field in the Gateway Custom Resource

The documentation page for a server property of istio’s Gateway

https://istio.io/docs/reference/config/networking/gateway/#Server

says:

port - The Port on which the proxy should listen for incoming connections.

The questions…

  • Which proxy? is this the istio-proxy side container on the target service/pod?
  • Is the proxy referring the the istio’s ingress gateway controller? (istio-ingressgateway)
  • Is port a logical port, and the creator of the CR can choose one as they like? Or is it tied to the ingress gateway port config?

For instance:

The gateway in the product info example of istio, out of the box, has the port set to 80, like so (modified the hosts property from '*' to foo.bar.com):

  servers:
  - hosts:
    - foo.bar.com
    port:
      name: http
      number: 80
      protocol: HTTP

And this curl command works just fine:

[mzur@mzur-dt2 ~/tmp] (colossus_dev *)$ curl -H "Host: foo.bar.com" -v -s http://mzur-dt2.archivas.com:31628/productpage 1>/dev/null
*   Trying 172.18.22.117...
* TCP_NODELAY set
* Connected to mzur-dt2.archivas.com (172.18.22.117) port 31628 (#0)
> GET /productpage HTTP/1.1
> Host: foo.bar.com
> User-Agent: curl/7.61.1
> Accept: */*
>
< HTTP/1.1 200 OK
< content-type: text/html; charset=utf-8
< content-length: 5179
< server: istio-envoy
< date: Thu, 21 May 2020 11:02:11 GMT
< x-envoy-upstream-service-time: 71
<
{ [5179 bytes data]

But changing the port on the gateway CR to 8080 (from 80) like so:

  servers:
  - hosts:
    - foo.bar.com
    port:
      name: http
      number: 8080
      protocol: HTTP

the following curl command does not seem to work any more (expecting 200 but getting a 404):

curl -H "Host: foo.bar.com:8080" -v -s http://mzur-dt2.archivas.com:31628/productpage
*   Trying 172.18.22.117...
* TCP_NODELAY set
* Connected to mzur-dt2.archivas.com (172.18.22.117) port 31628 (#0)
> GET /productpage HTTP/1.1
> Host: foo.bar.com:8080
> User-Agent: curl/7.61.1
> Accept: */*
>
< HTTP/1.1 404 Not Found
< date: Thu, 21 May 2020 10:59:26 GMT
< server: istio-envoy
< content-length: 0
<
* Connection #0 to host mzur-dt2.archivas.com left intact

FYI - after editing the nodePort of the istio ingress gateway to match the port in the Gatway CR (8080), this curl works again as expected (returns 200):

curl -H "Host: foo.bar.com" -v -s http://mzur-dt2.archivas.com:31628/productpage 1>/dev/null

Note: this means modifying the istio’s deployment resources (Service) in order to get it to work. No istio documentation mentions that this type of configuration is needed. Still hoping to hear from an istio expert on this :sweat: