istio: Istio 1.4 ingress-gateway RBAC not found issue

Bug description

I have a clean install of Istio 1.4 running on an AKS K8s cluster. HTTP traffic is all good to a pod I am running. However, after running through the Cert Manager Setup (Istio documentation may need updating to reflect their changes), I cannot get to my service over HTTPS following the issuing of certificates.

The error that my Istio-ingressgateway pod is logging is:

error k8s.io/client-go@v11.0.1-0.20190409021438-1a26190bd76a+incompatible/tools/cache/reflector.go:98: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:istio-system:istio-ingressgateway-service-account" cannot list resource "secrets" in API group "" in the namespace "istio-system": RBAC: role.rbac.authorization.k8s.io "istio-ingressgateway-sds" not found

Expected behavior

Be able to have HTTPS traffic routed to my pods when hitting the public endpoint and leveraging a Let's Encrypt certificate.

Steps to reproduce the bug

It's constant for all services I attempt to communicate with over HTTPS.

Version (include the output of istioctl version --remote and kubectl version and helm version if you used Helm)

Istioctl: client version: 1.4.0 - control plane version: 1.4.0 - data plane version: 1.4.0 (2 proxies)
Kubectl: Major:"1", Minor:"13", GitVersion:"v1.13.12"
Helm: 3.0
Cert Manager: v0.12

How was Istio installed?

istioctl manifest apply \
  --set values.gateways.istio-ingressgateway.sds.enabled=true \
  --set values.global.k8sIngress.enabled=true \
  --set values.global.k8sIngress.enableHttps=true \
  --set values.global.k8sIngress.gatewayName=ingressgateway \
  --set values.grafana.enabled=true \
  --set values.grafana.security.enabled=true \
  --set values.kiali.enabled=true \
  --set values.tracing.enabled=true

Then followed this along with cert manager steps for v0.12: https://istio.io/docs/tasks/traffic-management/ingress/ingress-certmgr/#configuring-dns-name-and-gateway

Environment where bug was observed (cloud vendor, OS, etc)

AKS - Azure

About this issue

  • State: closed
  • Created 5 years ago
  • Comments: 18 (8 by maintainers)

Most upvoted comments

Yes, that is what I meant @fabianotessarolo - it is not working as expected. This was fixed in the linked PR, which will be in 1.4.3 coming out next week or so.

I ran into this myself. In summary, use istioctl manifest generate | kubectl apply -f -
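Added example, not part of the original issue or of Istio's own tooling: a POSIX shell helper that parses the RBAC denial logged by the ingress gateway in the report above and prints the kubectl checks that confirm whether the named Role and a binding for the service account exist. The function names `parse_rbac_denial` and `rbac_checks` are hypothetical, and the commands are only printed, not run.

```shell
#!/bin/sh
# Log line from the issue above, written with ASCII quotes.
SAMPLE_LOG='error k8s.io/client-go@v11.0.1-0.20190409021438-1a26190bd76a+incompatible/tools/cache/reflector.go:98: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:istio-system:istio-ingressgateway-service-account" cannot list resource "secrets" in API group "" in the namespace "istio-system": RBAC: role.rbac.authorization.k8s.io "istio-ingressgateway-sds" not found'

# parse_rbac_denial LINE
# Prints: <sa-namespace> <sa-name> <verb> <resource> <namespace> [<missing-role>]
# Prints nothing if LINE is not a service-account "forbidden" message.
# Curly quotes (as in text pasted from a rendered page) are normalised first.
parse_rbac_denial() {
  printf '%s\n' "$1" | sed -n -E \
    -e 's/“/"/g' -e 's/”/"/g' \
    -e 's/.*User "system:serviceaccount:([^:"]+):([^"]+)" cannot ([a-z]+) resource "([^"]+)" in API group "[^"]*" in the namespace "([^"]+)"(: RBAC: role\.rbac\.authorization\.k8s\.io "([^"]+)" not found)?.*/\1 \2 \3 \4 \5 \7/p'
}

# rbac_checks LINE
# Prints the kubectl commands that verify the denial from LINE:
#   1. does the service account hold the permission at all,
#   2. does the Role named in the error exist,
#   3. which RoleBindings in the namespace reference which subjects.
rbac_checks() {
  fields=$(parse_rbac_denial "$1")
  [ -n "$fields" ] || return 1
  read -r sa_ns sa verb res ns role <<EOF
$fields
EOF
  echo "kubectl auth can-i $verb $res -n $ns --as=system:serviceaccount:$sa_ns:$sa"
  if [ -n "$role" ]; then
    echo "kubectl -n $ns get role $role"
  fi
  echo "kubectl -n $ns get rolebinding -o wide"
}

# Demo on the line from the issue.
rbac_checks "$SAMPLE_LOG"
```

If the first printed command answers "no" and the second reports NotFound, the install left the RoleBinding pointing at a Role that was never created, which matches the error text in the report.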