Internal and External Ingress Gateways
By default, Knative ships with a single ingress gateway. However, some installations (such as Google Cloud Run on GKE) ships with two separate gateways: one for internal traffic, one for external traffic.
This is designed to separate internal (cluster-local traffic and public traffic, and prevent accidental exposure.
This “cluster-local gateway” isn't installed by default, but you can self-install it with custom Istio template.
Internal domains are registered for routing only on cluster-local
gateway, and external domains are only registered on external gateway.
If a request with an unrecognized domain go to the wrong gateway, the gateway
404 Not Found.
In Google Cloud Run on GKE, these gateways are deployed as Kubernetes Services in
istio-ingress.gke-system.svc.cluster.local(type: LoadBalancer, public)