Yea @limited-pizza-33551. I did see that! What's not clicking for me is that I have a fleet of 20 clusters that I manage and this is the very first time I am having to do to rotate the kube-apiserver cert manually. Granted the cluster this happened on is low traffic and never had a scale up and down activity since creation.
Do you know if certain operations such as adding or removing nodes for example can trigger the cert rotation?