openshift-apiserver doesn't live reload extension-apiserver-authentication trust openssl verify -CAfile <( oc -n kube-system get cm extension-apiserver-authentication --template='{{index .data "requestheader-client-ca-file"}}' ) <( oc get secret -n openshift-kube-apiserver aggregator-client --template='{{index .data "tls.crt"}}' | base64 -d ) /proc/self/fd/12: OK but kube-apiserver still can't connect to discovery oc get apiservices v1.apps.openshift.io -o yaml apiVersion: apiregistration.k8s.io/v1 kind: APIService metadata: name: v1.apps.openshift.io status: conditions: - lastTransitionTime: "2020-05-26T15:08:10Z" message: 'failing or missing response from https://10.130.0.18:8443/apis/apps.openshift.io/v1: bad status from https://10.130.0.18:8443/apis/apps.openshift.io/v1: 401' reason: FailedDiscoveryCheck status: "False" type: Available Hit on recovery flow when the trust is rotated.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2409