I have exposed port 5044 through an Istio gateway/virtual service for Logstash beats ingestion. All other ports defined in this gateway/VS are accessible through Istio, but 5044 is not. However, the service it points to is accessible from within my cluster.
# Source: elk/templates/gateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: elk-gateway
labels:
heritage: "Helm"
release: "elk"
chart: "elk"
app: "elk"
annotations:
spec:
selector:
istio: ingressgateway
servers:
- hosts:
- elk.example.com
port:
name: https-kibana
number: 443
protocol: HTTPS
tls:
mode: PASSTHROUGH
- hosts:
- elk.example.com
port:
name: http-kibana
number: 80
protocol: HTTP
tls:
httpsRedirect: true
- hosts:
- elk.example.com
port:
name: https-elasticsearch
number: 9200
protocol: HTTPS
tls:
mode: PASSTHROUGH
- hosts:
- elk.example.com
port:
name: tls-beat
number: 5044
protocol: TLS
tls:
mode: PASSTHROUGH
---
# Source: elk/templates/virtualservice.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: "elk-vs"
labels:
heritage: "Helm"
release: "elk"
chart: "elk"
app: "elk"
annotations:
spec:
gateways: [ "elk-gateway" ]
hosts:
- elk.example.com
tls:
- match:
- port: 443
sni_hosts:
- elk.example.com
route:
- destination:
host: elk-kibana
port:
number: 5601
- match:
- port: 9200
sni_hosts:
- elk.example.com
route:
- destination:
host: elk-es-data-headless
port:
number: 9200
- match:
- port: 5044
sni_hosts:
- elk.example.com
route:
- destination:
host: elk-logstash-beat
port:
number: 5044