Consul connect-inject ACL issue

Installing consul 1.10.0 and consul-k8s-control-plane 0.33.0 with the official HashiCorp helm chart on Kubernetes v1.21.2-eks-0389ca3 gives the following error in the connect-inject init container:

Unable to get Agent services: error=“Unexpected response code: 403 (ACL not found)”

manageSystemACLs is set to true

As far as I understand this should be enough to get proxying between services to work. Consul 1.9.4 with consul-k8s 0.25.0 on v1.19.13-eks-8df270 does work with this setting.

Sounds similar to consul-connect-inject-init failing · Issue #625 · hashicorp/consul-k8s · GitHub