This is split off from https://bugzilla.redhat.com/show_bug.cgi?id=2035757 to cover issues post-install. Due to limitations in the load balancer on alibaba cloud, a request made from a control plane host to api-int will fail if the backend server handling that request is the same host. If there is ever a time when there is only one kube-apiserver pod running, then the cluster will become unusable. The node running that kube-apiserver pod will not be able to send heartbeats to the api server. The token for the node will be revoked. The kube-apiserver pod will devolve into a state where it cannot handle requests. At that point, there is no functioning api server, and there is no resolution without manual intervention by the cluster administrator.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056