We don't need recovery apiserver anymore with auto-recovery. We want to avoid customers accidentally running it and maintenance.
In version that does not apply the dropping: $ RELEASE_IMAGE=registry.svc.ci.openshift.org/ocp/release:4.5.0-0.nightly-2020-09-24-094317 $ KAO_IMAGE=$(oc adm release info ${RELEASE_IMAGE} --image-for=cluster-kube-apiserver-operator ) $ podman pull "${KAO_IMAGE}" $ podman run -it --entrypoint=/usr/bin/cluster-kube-apiserver-operator "${KAO_IMAGE}" --help ... Available Commands: ... recovery-apiserver regenerate-certificates ... In version that merges the dropping, commands recovery-apiserver and regenerate-certificates are removed: $ RELEASE_IMAGE=registry.svc.ci.openshift.org/ocp/release:4.6.0-0.nightly-2020-09-24-111253 $ KAO_IMAGE=$(oc adm release info ${RELEASE_IMAGE} --image-for=cluster-kube-apiserver-operator ) $ podman pull "${KAO_IMAGE}" ... Available Commands: cert-regeneration-controller Start the Cluster Certificate Regeneration Controller cert-syncer check-endpoints Checks that a tcp connection can be opened to one or more endpoints. help Help about any command insecure-readyz Proxy the /readyz endpoint insecurely on an HTTP port installer Install static pod and related resources operator Start the Cluster kube-apiserver Operator prune Prune static pod installer revisions render Render kubernetes API server bootstrap manifests, secrets and configMaps resource-graph Provides an often out-dated snapshot of where resources come from. Flags: ... In version that merges the dropping, recent cert DR has no issue, e.g. 4.6.0-0.nightly-2020-09-17-073141 in 1880396#c0 DR test.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196