This is related to the situation described in https://issues.redhat.com/browse/OCPBUGS-50014 and in https://redhat-internal.slack.com/archives/C04EUL1DRHC/p1738950898781059 . When a hosted cluster's API server certificate expires, it gets regenerated and the admin kubeconfig is updated. Will it break the hosted cluster's klusterlet agents which were configured using the older admin kubeconfig? 

This task involves experimenting this situation to see the MCE behaviour and potentially fix a bug if identified. 

Since some initial ROSA-hcp cluster certificates are set to expire soon since its GA, this task is critical.

Josh Branham from ROSA SRE had to do the following to fix the klusterlet agent problem.

• Delete the external-admin-kubeconfig secret in the klusertlet namespace
• Annotate the hostedcluster to restart it
• New secret was populated in klusterlet namespace
• Deleted the crashlooping config-policy-controller and klusterlet-addon-workmgr
• Version is updated