i playing with istio recently, i have followed this for setting up secure ingress with SDS.
What i like to do is instead of strict mTLS validation i like to set it as optional mTLS validation. To allow clients with or without mTLS certs to connect.
I tried to add something like this, but does not work.
kubectl apply -f - <<EOF apiVersion: "rbac.istio.io/v1alpha1" kind: ClusterRbacConfig metadata: name: default spec: mode: 'ON_WITH_INCLUSION' inclusion: namespaces:  enforcement_mode: PERMISSIVE EOF
if someone can give some suggestions it would be really great thanks in advance.