0 votes

I created a NATS cluster without injecting it into Istio.

    apiVersion: nats.io/v1alpha2
    kind: NatsCluster
    metadata:
      name: nats
    spec:
      size: 2
      # pod and version belong under spec in the NatsCluster CRD
      pod:
        annotations:
          sidecar.istio.io/inject: "false"
      version: "2.0.0"

Now I have one Istio sidecar connecting to the NATS cluster above, but it seems Istio severed the connection. My NATS client in the application closed, and the NATS server reports: "Client parser ERROR, state=0 ...". Is the reason that there is no mTLS between the NATS cluster and the sidecar? How can I fix this issue?

1 Answer

1 vote

For Istio 1.8:

The NATS and NATS Streaming YAML can be found at:

https://github.com/nats-io/nats-operator

https://github.com/nats-io/nats-streaming-operator

If you don't connect by NodePort from outside the Kubernetes cluster, you can just use the default Istio settings and inject the sidecar for the NATS pods. It works. But if you want to connect to NATS by NodePort from outside, you need to disable mTLS. My setting is default mTLS; the NATS and NATS Streaming pods have the sidecar injected. And NATS only accepts plain-text traffic, and NATS only sends plain-text traffic.

Add the following PeerAuthentication resources:

    apiVersion: "security.istio.io/v1beta1"
    kind: "PeerAuthentication"
    metadata:
      name: "nats"
    spec:
      selector:
        matchLabels:
          app: nats
      mtls:
        mode: DISABLE
    ---
    apiVersion: "security.istio.io/v1beta1"
    kind: "PeerAuthentication"
    metadata:
      name: "nats-streaming"
    spec:
      selector:
        matchLabels:
          app: nats-streaming
      mtls:
        mode: DISABLE

Add the following DestinationRules:

    apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: nats
    spec:
      host: "nats-server.acm.svc.cluster.local"
      trafficPolicy:
        tls:
          mode: DISABLE
    ---
    apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: nats-server-nodeport
    spec:
      host: "nats-server-nodeport.acm.svc.cluster.local"
      trafficPolicy:
        tls:
          mode: DISABLE
    ---
    apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: nats-server-mgmt
    spec:
      host: "nats-server-mgmt.acm.svc.cluster.local"
      trafficPolicy:
        tls:
          mode: DISABLE
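The answer pairs a workload-scoped PeerAuthentication (server side, what the NATS sidecar accepts) with one DestinationRule per host (client side, what calling sidecars send); if either half is missing for a host, one side speaks mTLS and the other plaintext and the connection is reset exactly as in the question. The following added check (not code from the post or from the NATS or Istio projects) models that pairing on hand-built manifest dicts and reports each host where the two sides disagree, plus any DISABLE policy that is not scoped to a workload; the `acm` Services and the assumption that pod labels equal the Service selector are constructed for the example.

```python
# Added example, not code from the post: checks that the server-side
# PeerAuthentication and the client-side DestinationRule agree for each
# Service. Runs offline on hand-built manifest dicts (assumptions, see below).

def _server_mode(ns, labels, peer_auths, mesh_default="PERMISSIVE"):
    """mTLS mode the workload's sidecar enforces: workload > namespace > mesh."""
    mode, rank = mesh_default, -1
    for pa in peer_auths:
        pa_ns, sel = pa["metadata"]["namespace"], pa["spec"].get("selector", {}).get("matchLabels", {})
        if pa_ns == "istio-system" and not sel:
            score = 0                                # mesh-wide root policy
        elif pa_ns == ns and all(labels.get(k) == v for k, v in sel.items()):
            score = 1 + len(sel)                     # namespace-wide, then workload-scoped
        else:
            continue
        if score > rank:
            mode, rank = pa["spec"]["mtls"]["mode"], score
    return mode

def _client_mode(host, dest_rules):  # tls.mode clients use toward host; None = mesh default
    for dr in dest_rules:
        if dr["spec"]["host"] == host:
            return dr["spec"].get("trafficPolicy", {}).get("tls", {}).get("mode")
    return None

def check_mtls_consistency(services, peer_auths, dest_rules):
    """Return findings; an empty list means both sides agree for every host."""
    findings = [f"{pa['metadata']['name']}: mTLS disabled for a whole namespace or mesh"
                for pa in peer_auths
                if pa["spec"]["mtls"]["mode"] == "DISABLE" and not pa["spec"].get("selector")]
    for svc in services:
        ns = svc["metadata"]["namespace"]
        host = f"{svc['metadata']['name']}.{ns}.svc.cluster.local"
        server = _server_mode(ns, svc["spec"]["selector"], peer_auths)
        client = _client_mode(host, dest_rules)
        if server == "DISABLE" and client != "DISABLE":
            findings.append(f"{host}: server is plaintext-only but clients originate mTLS")
        elif server == "STRICT" and client == "DISABLE":
            findings.append(f"{host}: server requires mTLS but clients send plaintext")
    return findings

# Constructed manifests mirroring the answer (mesh-wide STRICT, NATS opted out);
# the Services are assumptions and pod labels are assumed to equal the selector.
MESH_STRICT = {"metadata": {"name": "default", "namespace": "istio-system"}, "spec": {"mtls": {"mode": "STRICT"}}}
NATS_PA = {"metadata": {"name": "nats", "namespace": "acm"},
           "spec": {"selector": {"matchLabels": {"app": "nats"}}, "mtls": {"mode": "DISABLE"}}}
NATS_DR = {"spec": {"host": "nats-server.acm.svc.cluster.local", "trafficPolicy": {"tls": {"mode": "DISABLE"}}}}
SERVICES = [{"metadata": {"name": n, "namespace": "acm"}, "spec": {"selector": {"app": "nats"}}}
            for n in ("nats-server", "nats-server-mgmt")]
```

Run against the constructed set with only the `nats-server` DestinationRule, it flags `nats-server-mgmt`, which is why the answer carries a DestinationRule for every NATS host, not just the main one.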