Not ready to switch validation to fail-closed: dummy invalid config not rejected error

My istioctl version 1.16.0
kubernetes version 1.25
CNI - cilium 1.12.4

my install process

kubectl create namespace istio-system

istioctl operator init

cat <<EOF | kubectl apply -f -
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  name: istio
  namespace: istio-system
spec:
  profile: demo
  components:
    ingressGateways:
      - name: istio-ingressgateway
        k8s:
          service:
            ports:
              - port: 15021
                targetPort: 15021
                name: status-port
              - port: 80
                targetPort: 8080
                nodePort: 31080
                name: http2
              - port: 443
                targetPort: 8443
                nodePort: 31443
                name: https
              - port: 32400
                targetPort: 31400
                nodePort: 32400
                name: tcp
              - port: 15443
                targetPort: 15443
                nodePort: 32443
                name: tls
EOF

cat <<EOF | kubectl apply -f -
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: http-compressor-v3
  namespace: istio-system
spec:
  workloadSelector:
    labels:
      # Put same labels that will identify your application
      istio: ingressgateway
  configPatches:
    - applyTo: HTTP_FILTER
      match:
        context: GATEWAY
        listener:
          filterChain:
            filter:
              name: envoy.filters.network.http_connection_manager
              subFilter:
                name: envoy.filters.http.router
      patch:
        operation: INSERT_BEFORE
        value:
          name: envoy.filters.http.compressor
          typed_config:
            # See https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/compressor_filter for full options
            '@type': type.googleapis.com/envoy.extensions.filters.http.compressor.v3.Compressor
            compressor_library:
              name: text_optimized
              compression_level: DEFAULT
              memory_level: 9
              window_bits: 15
              typed_config:
                '@type': type.googleapis.com/envoy.extensions.compression.gzip.compressor.v3.Gzip
            remove_accept_encoding_header: true
EOF

When installing the cluster external secret, the following error log appears.

Error from server (InternalError): error when creating "STDIN": Internal error occurred: failed calling webhook "validate.clustersecretstore.external-secrets.io": failed to call webhook: Post "https://external-secrets-webhook.external-secrets.svc:443/validate-external-secrets-io-v1beta1-clustersecretstore?timeout=5s": context deadline exceeded

istiod pod log

2023-01-09T08:53:20.335936Z	info	validationController	Not ready to switch validation to fail-closed: dummy invalid config not rejected
2023-01-09T08:53:20.336028Z	info	validationController	validatingwebhookconfiguration istio-validator-istio-system (failurePolicy=Ignore, resourceVersion=1351) is up-to-date. No change required.
2023-01-09T08:58:30.352403Z	info	validationController	Not ready to switch validation to fail-closed: dummy invalid config not rejected

kube-api-server pod log

W0109 09:03:40.358944       1 dispatcher.go:174] Failed calling webhook, failing open rev.validation.istio.io: failed calling webhook "rev.validation.istio.io": failed to call webhook: Post "https://istiod.istio-system.svc:443/validate?timeout=10s": context deadline exceeded
E0109 09:03:40.358983       1 dispatcher.go:181] failed calling webhook "rev.validation.istio.io": failed to call webhook: Post "https://istiod.istio-system.svc:443/validate?timeout=10s": context deadline exceeded

Which part do I need to fix?

i tried