Verified in 4.5.0-0.nightly-2020-03-05-190442 env: $ oc logs kube-apiserver-ip-10-0-139-77.us-east-2.compute.internal -n openshift-kube-apiserver -c kube-apiserver -f > kas-45.log # reported bug 1810997 In another terminal: $ oc get po -n openshift-kube-apiserver -l apiserver --show-labels --watch In third terminal: $ oc edit secret/aggregator-client -n openshift-kube-apiserver # remove auth.openshift.io/certificate-not-after and before Then check above logs, found: $ grep aggregator-clien kas-45.log I0306 11:35:17.857384 1 dynamic_serving_content.go:111] Loaded a new cert/key pair for "aggregator-proxy-cert::/etc/kubernetes/static-pod-certs/secrets/aggregator-client/tls.crt::/etc/kubernetes/static-pod-certs/secrets/aggregator-client/tls.key"
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2409