- Story
- Resolution: Unresolved
- Critical
To recover an offline cluster whose etcd peer, server, and client certs have expired, we need some kind of command or utility that can be invoked on the expired cluster to regenerate those certs on each etcd node.
Part of this will require figuring out how to detect an offline cluster state with expired certs so we can run this command, and lastly how we end up distributing the certs to all nodes and consumers (the etcd client cert for the API server).
See: https://github.com/openshift/cluster-etcd-operator/pull/1227#issuecomment-2016957521