mTLS between services across mesh boundary

I have a pod A deployed with its own cert and key, the cert being issued from the same signing certificate which the mesh uses. The pod didn’t have the mesh sidecar. If I now want to configure mTLS connectivity between pods inside the mesh and this pod, I am trying to understand the simplest configuration that would work for me.

  1. A destination rule for the pod A, specifying ISTIO_MUTUAL as the TLS mode for the FQDN of the target service A.

Would I need any egress gateway and virtual service as well?

It depends on your requirement, egress offers central mechanism for outgoing traffic symmetric to ingress.
As you wanted to achieve simple communication you can achieve it with service entry and destination rule.