Consul doesn't create envoy container with calico

Hi, I’m trying to migrate from aws-cni to calico-cni due to the ipv4 that aws restricts each node from eks node cluster.
Consul was working perfectly with aws-cni, but when it comes to calico-cni it doesn’t seems correctly.

The worker nodes are using calico and are deployed just fine.
But if I try to use connectInject it doesn’t work anymore, if I add failurePolicy: Ignore it does deploy the pods but not with sidecarProxy…

this is the block for connectInject that I’m using:

connectInject:
  enabled: true
  cni:
    enable: true
    logLevel: debug
    cniBinDir: "/opt/cni/bin/calico"
    cniNetDir: "/etc/cni/net.d/calico-kubeconfig"
  transparentProxy:
    defaultEnabled: true
  sidecarProxy:
    resources:
      requests:
        memory: 100Mi
        cpu: 100m
      limits:
        memory: 100Mi
        cpu: 100m

Describing the statefulset this is what events throws:

create Pod xxxxxxxxxxx  in StatefulSet xxxxxxxxxxxxx failed error: Internal error occurred: failed calling webhook "consul-connect-injector.consul.hashicorp.com": failed to call webhook: Post "https://consul-connect-injector.consul.svc:443/mutate?timeout=10s": Address is not allowed

I don’t see any error at any consul pod. What I’m missing?