Hi Everyone, I have some issues currently after updating to Rancher 2.6.8 where I cannot exec to any pods:

$ kubectl exec -it my-pod -- sh
Error from server:

after debugging with

kubectl -v=7 exec -it my-pod -- sh

I saw:

I0914 13:35:16.704958   79032 round_trippers.go:457] Response Status: 403 Forbidden in 95 milliseconds
I0914 13:35:16.705922   79032 helpers.go:216] server response object: [{
  "metadata": {}
}]

so it seems there is some premission issue even though i am the cluster admin. I just upgraded Rancher and decided to setup a cert-manager Certificate with istio:

apiVersion: <http://networking.istio.io/v1beta1|networking.istio.io/v1beta1>
kind: Gateway
metadata:
  name: rancher
  namespace: cattle-system
spec:
  selector:
    app: istio-ingressgateway
  servers:
    - port:
        number: 443
        name: https
        protocol: HTTPS
      hosts:
      - <http://rancher.example.com|rancher.example.com>
      tls:
        mode: SIMPLE
        credentialName: <http://rancher.example.com|rancher.example.com>
---
apiVersion: <http://networking.istio.io/v1beta1|networking.istio.io/v1beta1>
kind: VirtualService
metadata:
  name: rancher
  namespace: cattle-system
spec:
  gateways:
  - rancher
  hosts:
  - <http://rancher.example.com|rancher.example.com>
  http:
  - name: "http"
    route:
    - destination:
        host: rancher.cattle-system.svc.cluster.local
        port:
          number: 80

Is there is something missing from my part?