User "system:anonymous" cannot list resource

Hello. I am trying to access istio Gateway but getting permission exception. The code I use to access it:

        final String clusterURL = "https://api.crc.testing:6443";
        System.out.println("Connecting to OpenShift cluster at " + clusterURL + "\n");

        Config config = new ConfigBuilder()
                .withMasterUrl(clusterURL)
                .withUsername("kubeadmin")
                .withPassword("my-secret-pass-123")
                .build();
        OpenShiftClient client = new DefaultOpenShiftClient(config);

        ServiceList myNsServices = client.services().inNamespace("test1").list();
        System.out.println("Trying to get services");
        for (Service service : myNsServices.getItems()) {
            System.out.println("Service name = " + service.getMetadata().getName());
        }

        IstioClient istioClient = new DefaultIstioClient(config);
        System.out.println("Trying to get gateways");
        GatewayList gatewayList = istioClient.v1beta1Gateway().inNamespace("test1").list();
        for (Gateway gateway : gatewayList.getItems()) {
            System.out.println("Gateway name = " + gateway.getMetadata().getName());
        }

The error I am getting:

Connecting to OpenShift cluster at https://api.crc.testing:6443

Trying to get services
Service name = nginx-service
Trying to get gateways
2020-12-05 01:49:43.595  WARN 9751 --- [           main] i.f.k.client.internal.VersionUsageUtils  : The client is using resource type 'gateways' with unstable version 'v1beta1'
Exception in thread "main" io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://api.crc.testing:6443/apis/networking.istio.io/v1beta1/namespaces/test1/gateways. Message: Forbidden! User kube:admin/api-crc-testing:6443 doesn't have permission. gateways.networking.istio.io is forbidden: User "system:anonymous" cannot list resource "gateways" in API group "networking.istio.io" in the namespace "test1".
 at io.fabric8.kubernetes.client.dsl.base.OperationSupport.requestFailure(OperationSupport.java:570)
 at io.fabric8.kubernetes.client.dsl.base.OperationSupport.assertResponseCode(OperationSupport.java:507)
 at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:474)
 at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:435)
 at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:418)
 at io.fabric8.kubernetes.client.dsl.base.BaseOperation.listRequestHelper(BaseOperation.java:160)
 at io.fabric8.kubernetes.client.dsl.base.BaseOperation.list(BaseOperation.java:675)
 at io.fabric8.kubernetes.client.dsl.base.BaseOperation.list(BaseOperation.java:84)
 at com.example.applicaitonApplication.test1(Application.java:49)
 at com.example.applicaitonApplication.main(Application.java:27)

As you may see, OpenShiftClient works well (I am successfully getting Service name = nginx-service). I use the same config for OpenShiftClient and IstioClient. But IstioClient does not work as I expect. I am able to get gateway through oc:

$ oc whoami
kube:admin
$ oc get gateways
NAME            AGE
nginx-gateway   53m
$ oc get gateway -o yaml
apiVersion: v1
items:
- apiVersion: networking.istio.io/v1beta1
  kind: Gateway
  metadata:
    creationTimestamp: 2020-12-04T22:18:36Z
    generation: 1
    managedFields:
    - apiVersion: networking.istio.io/v1beta1
      fieldsType: FieldsV1
      fieldsV1:
        f:spec:
          .: {}
          f:selector:
            .: {}
            f:istio: {}
          f:servers: {}
      manager: kubectl-create
      operation: Update
      time: 2020-12-04T22:18:36Z
    name: nginx-gateway
    namespace: test1
    resourceVersion: "336915"
    selfLink: /apis/networking.istio.io/v1beta1/namespaces/test1/gateways/nginx-gateway
    uid: a5b8128c-5a8e-46b6-ac2e-7ea5f19a6298
  spec:
    selector:
      istio: ingressgateway
    servers:
    - hosts:
      - '*'
      port:
        name: http
        number: 80
        protocol: HTTP
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

I am using openshift Code Ready Containers. I did not change any permissions for resources. Gateway and Virtual Service works as expected:

$ curl http://istio-ingressgateway-istio-system.apps-crc.testing/
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

my dependencies are:

        <dependency>
            <groupId>io.fabric8</groupId>
            <artifactId>openshift-client</artifactId>
            <version>4.13.0</version>
        </dependency>
        <dependency>
            <groupId>me.snowdrop</groupId>
            <artifactId>istio-client</artifactId>
            <version>1.6.5-Beta6</version>
        </dependency>

I see simillar issue with system:anonymous in client - https://github.com/fabric8io/kubernetes-client/issues/1625. But he disable security for system:anonymous, I don't think it is a safe solution. What can I do to fix this problem?

snowdrop / istio-java-api

User "system:anonymous" cannot list resource #120