This is a pretty good discussion. Thank you all for sharing. Let me ask a followup question. I do understand the port(80) --> to TargetPort (8080) traffic flow. What I dont understand the connection between this ingress-gateway listening port 8080 and the port section in the istio application gateway. Let me give you an example

apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: foo-bar-gateway
  namespace: istio-system
spec:
  selector:
    istio: istio-ingressgateway
  servers:
  - hosts:
    - foobar.com
    port:
      name: http
      number: 80
      protocol: HTTP
    tls:
      httpsRedirect: true
  - hosts:
    - foobar.com
    port:
      name: https
      number: 443
      protocol: HTTPS
    tls:
      credentialName: foobar-np-tls-credential
      mode: SIMPLE

I know gateway is just a configuration and no additional pod/container is running for this configuration. So can anyone tells me what this does in terms of traffic flow? We all understand the ingress-pod/container is listening on port 8080 and port 8443 Then how this mapped to this gateway port section? Or is it like, the port 80 in the gateway should match the port 80 in the ingress-gateway? For example assume in my ingress gateway, I have added an additional port as 5000 and targetPort as 6000, do we need to have the same 5000 here in the gateway as well under port section or I should put 6000 under port?