During Cluster CA renewal, the Cluster CA secret might contain multiple public keys belonging to different generation of the CA. It is important for all components to load all of them to allow smooth rollout of CA changes, when the components might need to trust both the old and new CA. This applies also to the ZookeeperScaler as well as to the DefaultAdminClientProvider. They should not use only the ca.crt but all *.crt files. Without that, they will be unable to connect for example during renewals of own Cluster CAs.