istio 1.5.1 deployment

version=1.5.1
wget -c https://github.com/istio/istio/releases/download/$version/istioctl-$version-linux.tar.gz
tar zxfv istioctl-$version-linux.tar.gz -C /usr/local/bin/

istioctl manifest generate --set values.gateways.istio-ingressgateway.type=ClusterIP > istio-install-$version.yaml

# necessary for the Great China LAN
sed -i -e 's?docker.io?dockerhub.azk8s.cn?g' -e 's?quay.io?quay.azk8s.cn?g' -e 's?k8s.gcr.io?gcr.azk8s.cn/google-containers?g' istio*$version*.yaml


kubectl apply -f istio-install-$version.yaml

# check 
kubectl get svc -n istio-system
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                                                                                AGE
istio-ingressgateway   ClusterIP   10.100.62.250   <none>        15020/TCP,80/TCP,443/TCP,15029/TCP,15030/TCP,15031/TCP,15032/TCP,15443/TCP,31400/TCP   2m30s
istio-pilot            ClusterIP   10.104.98.89    <none>        15010/TCP,15011/TCP,15012/TCP,8080/TCP,15014/TCP,443/TCP                               2m29s
istiod                 ClusterIP   10.111.124.63   <none>        15012/TCP,443/TCP                                                                      2m29s
prometheus             ClusterIP   10.105.80.150   <none>        9090/TCP                                                                               48s

kubectl get pods -n istio-system
NAME                                    READY   STATUS              RESTARTS   AGE
istio-ingressgateway-788b8857b7-4lfc9   0/1     ContainerCreating   0          2m52s
istiod-9d8d5f6c4-mwwf8                  0/1     ContainerCreating   0          2m50s
prometheus-664854fbfd-gzbgc             0/2     ContainerCreating   0          69s

istioctl version

error:

  Type     Reason       Age                  From                           Message
  ----     ------       ----                 ----                           -------
  Normal   Scheduled    <unknown>            default-scheduler              Successfully assigned istio-system/istio-ingressgateway-788b8857b7-4lfc9 to 10-1-4-41.srv.cn
  Warning  FailedMount  104s                 kubelet, 10-1-4-41.srv.cn  Unable to attach or mount volumes: unmounted volumes=[istiod-ca-cert istio-token], unattached volumes=[ingressgateway-certs ingressgateway-ca-certs istio-ingressgateway-service-account-token-z2s68 istiod-ca-cert istio-token ingressgatewaysdsudspath podinfo]: timed out waiting for the condition
  Warning  FailedMount  99s (x9 over 3m47s)  kubelet, 10-1-4-41.srv.cn  MountVolume.SetUp failed for volume "istiod-ca-cert" : configmap "istio-ca-root-cert" not found
  Warning  FailedMount  99s (x9 over 3m47s)  kubelet, 10-1-4-41.srv.cn  MountVolume.SetUp failed for volume "istio-token" : failed to fetch token: the API server does not have TokenRequest endpoints enabled

https://github.com/istio/istio/issues/22463