I've deployed the same app in k8s in two different namespaces: nsgreen and nsblue. The desired outcome is to be able to access apps for both namespaces on port 80:

• nsgreen: http://myapp.int.mydomain.com
• nsblue: http://myapp-blue.int.mydomain.com

My gateway is created in the istio-system namespace as follows:

### Gateway
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: mygateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
  - hosts:
    - myapp-blue.int.mydomain.com
    port:
      name: myapp-server-blue
      number: 80
      protocol: HTTP
  - hosts:
    - myapp.int.mydomain.com
    port:
      name: myapp-server
      number: 80
      protocol: HTTP

Virtual service for my-app in nsblue:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: myapp-vs-blue
  namespace: istio-system
spec:
  gateways:
  - mygateway
  hosts:
  - myapp-blue.int.mydomain.com
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: myapp-server-blue.nsblue.svc.cluster.local
        port:
          number: 8080
      weight: 100

Virtual service for my app in nsgreen

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: myapp
  namespace: istio-system
spec:
  gateways:
  - mygateway
  hosts:
  - myapp.int.mydomain.com
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: myapp-server.nsgreen.svc.cluster.local
        port:
          number: 8080
      weight: 100

When accessing http://myapp.int.mydomain.com (nsgreen), port 80 seems to be working fine but in the case of myapp-blue (nsblue), I can only access it through port 8080 (http://myapp-blue.int.mydomain.com:8080) instead of 80.

Note: In case that matters, both namespaces have the label istio-injection=enabled.

Can anyone shed some light on what's wrong with my yaml files to achieve the desired outcome above?