External services in a multicluster topology

I have 2 different Kubernetes clusters set up and connected via VPN. Currently they are sharing a single Istio control plane. This was set up according to the documentation at https://istio.io/docs/setup/kubernetes/install/multicluster/vpn/. I’m trying to figure out the best way to connect a pod in one of the clusters to an external service (MongoDB) on the same network as the other cluster (see diagram). While I could directly address the database from my pod, I want to instead utilize mTLS as the traffic goes across the 2 clusters. Otherwise the traffic would be unencrypted as it egresses out of cluster A until it hits the VPN gateway. Is there a good way to handle this situation? I’m thinking something like setting up the egress point to be in cluster B, but I’m not sure how that would be configured. Thanks for the help!

Whi