- Bug
- Resolution: Done
- Normal
- None
- OSSM 2.1.0
- False
- False
- Compatibility/Configuration, User Experience
When enabling mTLS for the mesh, the default destination rule is created with "spec.host: *.local", which may conflict when the main domain of the cluster also uses .local as its root domain, for example ocp4.example.local, which a lot of customers use for private OCP clusters.
Since the main purpose here is to enable mTLS between mesh workloads, I think it would be better to change the template that the operator uses to create the destinationRule:
spec:
  # --> perhaps like this, so if not configured by default we'd get *.cluster.local?
  host: "*.{{ .Values.global.proxy.clusterDomain }}"
  {{- if .Values.global.defaultConfigVisibilitySettings }}
  exportTo:
  - '*'
  {{- end }}
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
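
The overlap described above, as an added example that is not part of the original report or of the operator's code: it checks which hostnames a wildcard DestinationRule host covers, comparing the current `*.local` with the host the proposed template would render. It assumes a leading `*.` matches any hostname ending in that suffix; the helper names and the sample hostnames are constructed for illustration.

```python
# Added example: which hostnames does the mesh-wide mTLS DestinationRule cover?
# Assumption: a leading "*." wildcard matches any hostname ending in that suffix.

def host_matches(pattern: str, hostname: str) -> bool:
    """Return True if a DestinationRule-style host pattern covers hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        # Keep the leading dot so "*.local" does not match "notlocal".
        return hostname.endswith(pattern[1:])
    return pattern == hostname


def render_default_host(cluster_domain: str = "cluster.local") -> str:
    """Host the proposed template would render for a given clusterDomain."""
    return f"*.{cluster_domain}"


def unintended_matches(pattern, hostnames, cluster_domain="cluster.local"):
    """Hostnames covered by pattern that are not in-cluster service names."""
    svc_suffix = "." + cluster_domain
    return [
        h for h in hostnames
        if host_matches(pattern, h) and not h.lower().endswith(svc_suffix)
    ]


# Constructed sample hostnames for a cluster whose base domain is the
# ocp4.example.local used as the example in the report.
SAMPLE_HOSTS = [
    "reviews.bookinfo.svc.cluster.local",   # constructed mesh workload
    "api.ocp4.example.local",               # constructed cluster endpoint
    "console.apps.ocp4.example.local",      # constructed application route
    "registry.example.com",                 # constructed external host
]

if __name__ == "__main__":
    for pattern in ("*.local", render_default_host()):
        hits = unintended_matches(pattern, SAMPLE_HOSTS)
        print(f"{pattern}: ISTIO_MUTUAL also applied to {hits or 'nothing outside the mesh'}")
```

Any hostname reported for a pattern would have ISTIO_MUTUAL client TLS applied to it even though it is not a mesh service, which is the conflict the report describes.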