OpenShift 4.6 and istioctl 1.6

[clueware]

Istioctl 1.6 can't find the istio pod in the istio-system namespace:

$ istioctl16 version
no running Istio pods in "istio-system"
1.6.14
data plane version: 1.6.14 (5 proxies)

Istioctl 1.9 seems to work:

$ istioctl19 version
client version: 1.9.2
control plane version: OSSM_2.0.2
data plane version: 1.6.14 (5 proxies)

Unfortunatly, when it comes to the mTLS part of the tutorial, only Istioctl 1.6 works:

$ istioctl16 experimental authz check $(kubectl get pods -n tutorial|grep customer|awk '{ print $1 }'|head -1)
Checked 12/26 listeners with node IP 172.30.155.229.
LISTENER[FilterChain]     CERTIFICATE          mTLS (MODE)          AuthZ (RULES)
<...>
virtualInbound[1]         noneSDS: default     yes (none)           no (none)
<...>
virtualInbound[3]         noneSDS: default     yes (none)           no (none)
<...>
virtualInbound[6]         noneSDS: default     yes (PERMISSIVE)     no (none)
<...>
virtualInbound[8]         noneSDS: default     yes (PERMISSIVE)     no (none)
<...>

Istioctl 1.9 seems to expect a later version of HttpConnectionManager:

$ istioctl19 experimental authz check $(kubectl get pods -n tutorial|grep customer|awk '{ print $1 }'|head -1)
2021-04-04T15:27:43.586743Z	error	failed to get HTTP connection manager config: mismatched message type: got "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager" want "envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
<... same line repeated ...>
2021-04-04T15:27:43.588804Z	error	failed to get HTTP connection manager config: mismatched message type: got "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager" want "envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
ACTION   AuthorizationPolicy   RULES