Description of problem:

When attempting to import AKS cluster the following error is observed:
after copying and pasting the command to the target AKS cluster, relevant resources (deployment, namespace, CRDs etc) get created, but the pod remains in a Not Ready state with the following error being printed in the logs. 
error initializing delegating authentication: unable to load configmap based request-header-client-ca-file: Get "https://###.##.#.#:443/api/v1/namespaces/kube-system/configmaps/extension-apiserver-authentication": EOF

On the hub cluster we discovered a certificate error and resolved with the help of https://access.redhat.com/solutions/6993953
However, on the managed cluster we are still seeing the klusterlet error:
unable to get owner reference (falling back to namespace): Get "https://###.##.#.#:443/api/v1/namespaces/open-cluster-management-agent/pods": EOF
klusterlet version 2.3.3-
error initializing delegating authentication: unable to load configmap based request-header-client-ca-file: Get "https://###.##.#.#:443/api/v1/namespaces/kube-system/configmaps/extension-apiserver-authentication": EOF

Version-Release number of selected component (if applicable):

2.8.0

How reproducible:

Seems to be reproducible if in the environment the the OLM packageserver CA bundle has a cert issue

Steps to Reproduce:

1.  
2.  
3. ...

Actual results:

Expected results:

Additional info: