Istio 1.8.2 : Automated WorkloadEntry Creation - Token generation fails

Hi, I am trying out the auto registration (of VMs) feature in Istio 1.8.2 and k8s 1.18.10. I was following the steps in Istio / Virtual Machine Installation but running into issues in the following step where we generate the files for VM.

istioctl x workload entry configure -f workloadgroup.yaml -o "${WORK_DIR}" --autoregister

The error is :

Error: could not create a token under service account vm-account in namespace vm-namespace: the server could not find the requested resource

Env:

kubectl version
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.10", GitCommit:"62876fc6d93e891aa7fbe19771e6a6c03773b0f7", GitTreeState:"clean", BuildDate:"2020-10-15T01:52:24Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.10", GitCommit:"62876fc6d93e891aa7fbe19771e6a6c03773b0f7", GitTreeState:"clean", BuildDate:"2020-10-15T01:43:56Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}

I was able to previously generate the token and configure the VM, but I was running into connectivity issues. I wanted to try this out in istio 1.7x and ran into the same error while creating Kubernetes Token. Subsequently I am not able to get past this error even in Istio 1.8.2.

echo '{"kind":"TokenRequest","apiVersion":"authentication.k8s.io/v1","spec":{"audiences":["istio-ca"],"expirationSeconds":'$tokenexpiretime'}}' | kubectl create --raw /api/v1/namespaces/$VM_NAMESPACE/serviceaccounts/$SERVICE_ACCOUNT/token -f - | jq -j '.status.token' > "${WORK_DIR}"/istio-token

I am getting the same error on Minikube as well as Kind.
Not sure if this has anything to do with some cached files…but I already tried deleting ~/.kube and ~/.minikube directories.

Please suggest how to proceed further.

Likely Istio / Security Best Practices. I think we need to make the command fail better in this case

Thanks so much for pointing me to that. It was because of third-party-jwt, which is not supported on minikube with k8s <v1.20.0.
Seems like earlier (when it was working), I just used the default kubernetes version in minikube which was 1.20.0 on which third-party-jwt is supported.
Additional info in the error message and/or a note in the VM setup instructions will be useful.
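
A preflight check for the failure resolved above, added here as an example and not part of the original thread or of Istio's own tooling: it inspects the API server's `/api/v1` discovery document for the `serviceaccounts/token` subresource that the token step calls. The function names and the two sample JSON documents are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Preflight for the token step: does the API server expose the
# serviceaccounts/token subresource (the TokenRequest API behind
# third-party-jwt)? If not, token creation fails with
# "the server could not find the requested resource".

# Reads a core/v1 APIResourceList (the JSON served at /api/v1) on stdin.
# Returns 0 if the subresource is listed, 1 otherwise. The closing quote
# in the pattern keeps similarly prefixed resource names from matching.
has_token_request() {
    grep -Eq '"name"[[:space:]]*:[[:space:]]*"serviceaccounts/token"'
}

# Prints a one-word verdict for the same input.
token_request_verdict() {
    if has_token_request; then
        echo "supported"
    else
        echo "unsupported"
    fi
}

# Constructed sample discovery documents (trimmed; not captured from a real cluster).
SAMPLE_WITH='{"kind":"APIResourceList","groupVersion":"v1","resources":[{"name":"serviceaccounts","namespaced":true,"kind":"ServiceAccount"},{"name":"serviceaccounts/token","namespaced":true,"group":"authentication.k8s.io","version":"v1","kind":"TokenRequest"}]}'
SAMPLE_WITHOUT='{"kind":"APIResourceList","groupVersion":"v1","resources":[{"name":"serviceaccounts","namespaced":true,"kind":"ServiceAccount"}]}'

# Offline demonstration on the constructed samples.
printf '%s' "$SAMPLE_WITH" | token_request_verdict
printf '%s' "$SAMPLE_WITHOUT" | token_request_verdict

# Live use (needs cluster access), left as a comment so the script runs offline:
#   kubectl get --raw /api/v1 | token_request_verdict
```

Run the live form before the istioctl step; an "unsupported" verdict means the cluster cannot issue the token regardless of the Istio version.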