Describe the bug
I get KIA0301 warning in Kiali UI, that my Gateway configuration is bad, but Kiali doesn't check that I have 2 different ingress-gateways.
KIA0301 documentation says:
Gateway creates a proxy that forwards the inbound traffic for the exposed ports. If two different gateways expose the same ports for the same host, this creates ambiguity inside Istio as either of these gateways could handle the traffic. This is most likely a configuration error. This check is done across all namespaces the user has access to.
but it doesn't check if used istio-ingress resources are different
Versions used
Kiali: 1.23.0
Istio: 1.6.5
Kubernetes flavour and version: AWS EKS 1.16
To Reproduce
Steps to reproduce the behavior:
➜ kubectl -n istio-system get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway-prv LoadBalancer 10.100.16.14 supersecret.amazonaws.com 15021:30378/TCP,80:32260/TCP,443:30289/TCP,15443:32552/TCP 13d
istio-ingressgateway-pub LoadBalancer 10.100.227.209 supersecret.amazonaws.com 15021:32017/TCP,80:30360/TCP,443:31177/TCP,15443:30967/TCP 13d
istiod ClusterIP 10.100.137.149 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP,853/TCP 13d
➜
---
kind: Gateway
apiVersion: networking.istio.io/v1alpha3
metadata:
name: istio-gateway-prv
namespace: istio-system
spec:
servers:
- hosts:
- '*'
port:
name: http-prv
number: 80
protocol: HTTP
tls:
httpsRedirect: true
- hosts:
- '*'
port:
name: https-prv
number: 443
protocol: HTTPS
tls:
credentialName: supersecret
mode: SIMPLE
selector:
istio: istio-ingressgateway-prv
---
kind: Gateway
apiVersion: networking.istio.io/v1alpha3
metadata:
name: istio-gateway-pub
namespace: istio-system
spec:
servers:
- hosts:
- '*'
port:
name: http-prv
number: 80
protocol: HTTP
tls:
httpsRedirect: true
- hosts:
- '*'
port:
name: https-prv
number: 443
protocol: HTTPS
tls:
credentialName: supersecret
mode: SIMPLE
selector:
istio: istio-ingressgateway-pub

Expected behavior
Check should take into account if the same ingress-gateway is being used or not.
My setup is actual working without any issues.
Thanks @tehleet, I'll cc @xeviknal to check if this is fixed in next 1.24 but thanks for pointing out the use case !
I can confirm 1.24.0 doesn't solve this.
@tehleet it does make a lot of sense. Sorry for the delay in the response and fix. I expect to put my hands later next week.