We have seen that a lot of teams are having issues reaching pod IPs and ports when applying mTLS STRICT. In fact we had some difficulty trying to achieve that using service entries and rules, as maintenance is tough.
We worked around the problem using the following approach.
Basically, we created the pod and port combination as a service entry. We make that service headless. That way we can avoid managing the endpoints manually using a Service Entry. Also, all the endpoints and ports are treated as a service, and mTLS will function between two pods via the pod IP and port combination.
We would like to know if our understanding is right, and hopefully it also helps others who are trying to achieve the same.
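The workaround described above, as an added example (not the poster's own manifests): a headless Service that selects the pods and names the port, so Istio registers each pod IP:port as an endpoint of that service, next to a namespace-wide STRICT PeerAuthentication. The namespace, labels and port number are assumptions.

```yaml
# Added example, not the poster's manifests. Namespace, labels and port are assumed.
apiVersion: v1
kind: Service
metadata:
  name: worker-direct
  namespace: apps
spec:
  clusterIP: None          # headless: no virtual IP, DNS answers with the pod IPs
  selector:
    app: worker            # every pod carrying this label becomes an endpoint
  ports:
  - name: grpc             # named port so the sidecar picks the right protocol
    port: 9090
    targetPort: 9090
---
# Strict mTLS for the whole namespace. A connection to <pod IP>:9090 is matched
# to the worker-direct service, so the client sidecar originates mTLS and the
# server sidecar rejects anything that is not mTLS.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: apps
spec:
  mtls:
    mode: STRICT
```

A quick check from a client pod is `istioctl proxy-config cluster <client-pod>.<namespace>`, which should list `worker-direct.apps.svc.cluster.local`; if it is missing, the selector does not match the pods.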