Hello people, for the below question, what will be the best suitable answer? "Create a sidecar resource in a specific ns to enable mTLS auth, to STRICT in the NS."
```yaml
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: your-target-namespace
spec:
  mtls:
    mode: STRICT
```
OR
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: Sidecar
metadata:
  name: default
  namespace: your-target-namespace
spec:
  # This restricts the sidecar to only see services in its own namespace
  # and the istio-system namespace.
  egress:
  - hosts:
    - "./*"
    - "istio-system/*"
  # This restricts the inbound traffic allowed by the sidecar
  ingress:
  - port:
      number: 8080
      protocol: HTTP
      name: http
    defaultEndpoint: 127.0.0.1:8080
```