GatewayPortNotDefinedOnService

This message occurs when a gateway (usually istio-ingressgateway) offers a port that the Kubernetes service workload selected by the gateway does not.

For example, your Istio configuration contains these values:

# Gateway with bogus ports

apiVersion: networking.istio.io/v1
kind: Gateway
metadata:
  name: istio-ingressgateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"
  - port:
      number: 8004
      name: http2
      protocol: HTTP
    hosts:
    - "*"
---

# Default Gateway Service

apiVersion: v1
kind: Service
metadata:
  name: istio-ingressgateway
spec:
  selector:
    istio: ingressgateway
  ports:
  - name: status-port
    port: 15021
    protocol: TCP
    targetPort: 15021
  - name: http2
    port: 80
    protocol: TCP
    targetPort: 8080
  - name: https
    port: 443
    protocol: TCP
    targetPort: 8443

In this example, the GatewayPortNotDefinedOnService message occurs because this configuration uses port 8004, but a default IngressGateway (named istio-ingressgateway) is only open on target ports 15021, 8080 and 8443.

To resolve this problem, change your gateway configuration to use a valid port on the workload and try again.

Here’s a corrected example:

# Gateway with correct ports

apiVersion: networking.istio.io/v1
kind: Gateway
metadata:
  name: istio-ingressgateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 8080
      name: http2
      protocol: HTTP
    hosts:
    - "*"
  - port:
      number: 8443
      name: https
      protocol: HTTP
    hosts:
    - "*"