Istio: failed calling admission webhook Address is not allowed

7/31/2019

I am getting the following error while creating a gateway for the sample bookinfo application

Internal error occurred: failed calling admission webhook "pilot.validation.istio.io": Post https://istio-galley.istio-system.svc:443/admitpilot?timeout=30s: Address is not allowed

I have created an EKS PoC cluster using two node groups (each with two instances), one with t2.medium and the other with t2.large instances, in my dev AWS account, using two /26 subnets and the default VPC CNI provided by EKS.

But as the cluster grew, with multiple services running, I started facing issues of IPs not being available (as per the docs, the default vpc-cni driver treats pods like EC2 instances).

To avoid this, I followed the post below to change the networking from the default to Weave:

https://medium.com/codeops/installing-weave-cni-on-aws-eks-51c2e6b7abc8

Because of this, I have resolved the IP unavailability issue.

Now, after the network reconfiguration from vpc-cni to Weave, I have started getting the above issue (as per the subject line) for my service mesh configured using Istio.

There are a couple of services running inside the mesh, and I have also integrated Kiali, Prometheus and Jaeger with it.

I tried to have a look at GitHub (https://github.com/istio/istio/issues/9998) and the docs (https://istio.io/docs/ops/setup/validation/), but could not get a proper valid answer.

Let me know if anyone has faced this issue and has a partial/full solution for it.

-- Ashish Kamat
amazon-eks
amazon-web-services
istio
kubernetes

1 Answer

7/31/2019

This 'appears' to be related to the switch from AWS CNI to weave. CNI uses the IP range of your VPC while weave uses its own address range (for pods), so there may be remaining iptables rules from AWS CNI, for example.

Internal error occurred: failed calling admission webhook "pilot.validation.istio.io": Post https://istio-galley.istio-system.svc:443/admitpilot?timeout=30s: Address is not allowed

The message above implies that whatever address istio-galley.istio-system.svc resolves to, internally in your K8s cluster, is not a valid IP address. So I would also try to see what that resolves to. (It may be related to CoreDNS.)

You can also try following these steps.

Basically (quoted):

  • kubectl delete ds aws-node -n kube-system
  • delete /etc/cni/net.d/10-aws.conflist on each of the nodes
  • edit the instance security group to allow UDP and TCP on ports 6873 and 6874
  • flush iptables: nat, mangle, filter
  • restart the kube-proxy pods
  • apply the weave-net daemonset
  • delete the existing pods so they get recreated in Weave's pod CIDR address space

Furthermore, you can try reinstalling everything from the beginning using weave.

Hope it helps!

-- Rico
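The answer's diagnostic advice (see what istio-galley.istio-system.svc resolves to, and check whether galley's pods and the nodes still carry AWS CNI-era addressing or rules) can be scripted. The following is an added example, not code from either poster or from the Istio or Weave projects. The three CIDRs at the top are assumptions to be set for your cluster (10.32.0.0/12 is Weave's documented default pod range; the VPC and service CIDRs are placeholders), and the nat chain name prefix `AWS-SNAT-CHAIN` is the one the AWS VPC CNI programmed at the time; verify it on your own nodes. The pure-shell helpers work offline; the `live` mode needs `kubectl` pointed at the cluster, and the node check must run on a worker node as root.

```shell
#!/bin/sh
# Classify the addresses behind the istio-galley webhook after a VPC-CNI -> Weave switch.
# Assumed CIDRs (hypothetical; replace with your cluster's values):
VPC_CIDR=${VPC_CIDR:-172.31.0.0/16}        # where the AWS CNI used to allocate pod IPs
WEAVE_CIDR=${WEAVE_CIDR:-10.32.0.0/12}     # Weave's default pod range
SERVICE_CIDR=${SERVICE_CIDR:-10.100.0.0/16} # cluster service (ClusterIP) range

ip_to_int() {
    # "10.100.12.34" -> integer; IFS splitting keeps this POSIX sh, no bashisms
    _oifs=$IFS; IFS=.
    set -- $1
    IFS=$_oifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_cidr() {
    # in_cidr IP CIDR -> exit 0 if IP is inside CIDR, 1 otherwise
    _ip=$(ip_to_int "$1")
    _net=$(ip_to_int "${2%/*}")
    _bits=${2#*/}
    _mask=$(( (0xFFFFFFFF << (32 - _bits)) & 0xFFFFFFFF ))
    [ $(( _ip & _mask )) -eq $(( _net & _mask )) ]
}

classify_address() {
    # classify_address IP VPC_CIDR WEAVE_CIDR SERVICE_CIDR -> prints one of:
    #   service  a ClusterIP (what a .svc name is expected to resolve to)
    #   weave    a pod IP on the Weave network
    #   vpc      a VPC address, i.e. still AWS-CNI-era addressing
    #   other    none of the above
    if in_cidr "$1" "$4"; then echo service
    elif in_cidr "$1" "$3"; then echo weave
    elif in_cidr "$1" "$2"; then echo vpc
    else echo other
    fi
}

check_galley() {
    # Live check: classify the webhook service's ClusterIP and the pod IPs behind it.
    # Any endpoint classified "vpc" is a galley pod that was never recreated on Weave.
    ns=istio-system; svc=istio-galley
    cip=$(kubectl -n "$ns" get svc "$svc" -o jsonpath='{.spec.clusterIP}')
    echo "$svc.$ns.svc ClusterIP $cip -> $(classify_address "$cip" "$VPC_CIDR" "$WEAVE_CIDR" "$SERVICE_CIDR")"
    for ep in $(kubectl -n "$ns" get endpoints "$svc" -o jsonpath='{.subsets[*].addresses[*].ip}'); do
        echo "  endpoint $ep -> $(classify_address "$ep" "$VPC_CIDR" "$WEAVE_CIDR" "$SERVICE_CIDR")"
    done
    # What the name resolves to from inside the cluster (the CoreDNS angle); compare with $cip.
    # If your cluster domain is not cluster.local, adjust the name accordingly.
    kubectl -n "$ns" run dnsprobe --rm -i --restart=Never --image=busybox:1.31 -- \
        nslookup "$svc.$ns.svc.cluster.local" || true
}

check_node_iptables() {
    # Run on a worker node as root: count leftover AWS VPC CNI nat rules/chains.
    # Returns 0 when nothing is left, 1 when the flush step is still needed.
    leftover=$(iptables -t nat -S 2>/dev/null | grep -c 'AWS-SNAT-CHAIN') || true
    echo "leftover AWS CNI nat rules: $leftover"
    [ "$leftover" -eq 0 ]
}

case "${1:-}" in
    live) check_galley ;;
    node) check_node_iptables ;;
esac
```

Run `sh galley-check.sh live` from a machine with cluster access, and `sudo sh galley-check.sh node` on each worker; the offline classifier is what both modes use, so it can be sanity-checked with a few addresses before touching the cluster.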
Source: StackOverflow