Bug Description

The sidecar API attributes seem to be not considering IPv6 addresses.
For eg: see defaultEndPoints, bind attributes at https://istio.io/latest/docs/reference/config/networking/sidecar/#IstioIngressListener.

For eg: The sidecar api restricts the defaultEndpoints in the IstioIngressListeners to IPv4 address only.
(Interestingly, the default 0.0.0.0 seems to be resolved in the sidecar proxys on pods in our IPv6 cluster – as well as [::]. not sure how)

A config like below results in an error:

apiVersion: networking.istio.io/v1alpha3
kind: Sidecar
metadata:
  name: ingress-sidecar
#  namespace: istio-system
spec:
  workloadSelector:
    labels:
      app: httpbin
      version: v1
  ingress:
  - port:
      number: 9080
      protocol: HTTPS
      name: external
    defaultEndpoint: '[::]:80'
    tls:
      mode: MUTUAL
      privateKey: "/etc/istio/certs/tls.key"
      serverCertificate: "/etc/istio/certs/tls.crt"
      caCertificates: "/etc/istio/certs/ca.crt"
  - port:
      number: 9081
      protocol: HTTP
      name: internal
    defaultEndpoint: '[::]:80'

kubectl apply -f sidecar.yaml
Error from server: error when creating "sidecar.yaml": admission webhook "validation.istio.io" denied the request: configuration is invalid: 4 errors occurred:
* sidecar: defaultEndpoint must be of form 127.0.0.1:, 0.0.0.0:, unix://filepath, or unset
* sidecar: defaultEndpoint port () is not a number: strconv.Atoi: parsing "": invalid syntax
* sidecar: defaultEndpoint must be of form 127.0.0.1:, 0.0.0.0:, unix://filepath, or unset
* sidecar: defaultEndpoint port () is not a number: strconv.Atoi: parsing "": invalid syntax

Version

istioctl version

1.15

kubectl version

1.23

Additional Information

No response