In my k8s cluster there is a Pod (prometheus/node-exporter) that uses hostNetwork to collect metrics from a node. The same Pod sends collected data to Prometheus, which is a part of Istio service mesh. The service mesh requires all traffic to be secured by mTLS (we do not want to make any excuses).
Since the node-exporter uses hostNetwork it does not have a sidecar and it can not take advantage of Istio mTLS.
I am wondering if I can enforce sidecar injection to node-exporter, so the traffic towards Istio service mesh is secured by mTLS without disrupting host network ?