I am looking at evaluating Istio for my work as a part of moving to zero trust between our internal services. We operate mostly on k8 clusters now, but we have some non k8 workloads still as well. Due to this one of the requirements is being able to use mTLS from connections outside the cluster. I followed this guide and I was able to successfully set the connection to only occur if we pass mTLS from outside the cluster. The one problem I have now is this seems to be done in strict mode. For connections that are inside the cluster I have a PeerAuthentication resource set up with mode set to PERMISSIVE and that works great. For the connections coming outside the cluster it seems to be running in STRICT mode. Is there a way to get connections coming in through the gateway to act in PERMISSIVE? We would want to use that during the migration period. I have set the system up using the Kubernetes gateway apis and not istio classic.