To ensure the API Server utilizes its own key pair, set the masterCA
parameter to the public key file for service accounts in the openshift-kube-controller-manager configmap on the master
node(s):
"extendedArguments": {
...
"root-ca-file": [
"/etc/kubernetes/static-pod-resources/configmaps/serviceaccount-ca/ca-bundle.crt"
],
...