Istio v1.8.1: How to enable validatingwebhook's failurePolicy to fail?

Hi,
I installed istio with istioctl and the following overrides in EKS v1.18:

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  profile: default
  revision: 1-8-1
  tag: 1.8.1-distroless
  components:
    egressGateways:
      - name: istio-egressgateway
        enabled: true
  meshConfig:
    accessLogFile: /dev/stdout
    accessLogEncoding: JSON
    defaultConfig:
      holdApplicationUntilProxyStarts: true
    # defaultServiceExportTo: .
    enableAutoMtls: true
    enableTracing: false
    outboundTrafficPolicy:
      mode: REGISTRY_ONLY
  values:
    # tracing:
    #   enabled: false
    pilot:
      traceSampling: 0.0

When I see istiod logs, it shows that invalid configs are allowed as validation webhook is set to ignore.
Istiod logs:

2021-01-13T07:26:40.423009Z	info	validationController	Reconcile(enter): retry dry-run creation of invalid config
2021-01-13T07:26:40.429378Z	info	validationController	Not ready to switch validation to fail-closed: dummy invalid config not rejected
2021-01-13T07:26:40.430251Z	info	validationController	validatingwebhookconfiguration istiod-istio-system (failurePolicy=Ignore, resourceVersion=2488575) is up-to-date. No change required.

I tried to follow the steps mentioned here: Istio / Configuration Validation Problems, but I don’t see istio-validation configmap in istio-system namespace and I can’t find global.configValidation option in the docs.
What am i missing?