Ingress Gateway without TLS Termination[1] failed on OCP 4.2.x
[1] https://archive.istio.io/v1.4/docs/tasks/traffic-management/ingress/ingress-sni-passthrough/#configure-an-ingress-gateway

Environment Info:
OCP 4.2.30
OSSM 1.1.1
oc version
Client Version: openshift-clients-4.2.30-202004180432
Kubernetes Version: v1.14.6-152-g117ba1f
kubectl version
Client Version: version.Info

Server Version: version.Info

oc client and kubectl client are in the same bundle from [2]
[2] https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.2.30/openshift-client-linux-4.2.30.tar.gz

The following command described in istio.io doc failed on OCP4.2.x:

kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:   name: nginx
spec:   hosts:   - nginx.example.com
  gateways:   - mygateway
  tls:   - match:     - port: 443
      sni_hosts:       - nginx.example.com
    route:     - destination:         host: my-nginx
        port:           number: 443
EOF

error validating data: ValidationError(VirtualService.spec.tls[0].match[0]): unknown field "sni_hosts" in io.istio.networking.v1alpha3.VirtualService.spec.tls.match

However, replace "kubectl" with "oc" . It works without error.

oc apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:   name: nginx
spec:   hosts:   - nginx.example.com
  gateways:   - mygateway
  tls:   - match:     - port: 443
      sni_hosts:       - nginx.example.com
    route:     - destination:         host: my-nginx
        port:           number: 443
EOF

virtualservice.networking.istio.io/nginx created

I also tested on OCP4.3.x and OCP4.4.0 . There is no error running either kubectl or oc apply .

Problem behavior on OCP4.2.x:
when user follows [1] and run kubectl from [2], unexpected error failed the VirtualService creation.

Expected bahavior:
kubectl and oc from [2] should have consistent result on OCP4.2.x.
kubectl and oc from [2] should have consistent result between OCP4.2.x and OCP4.3.x