Can not perform a `oc login` after cluster has come up. This works fine with the kubeconfig retrieved from an

I used 4.12.4

Everytime

1. Create cluster using agent based 
2. oc login -u kubeadmin -p <password provided by agent based installer>

$ export KUBECONFIG=/home/redhat/xj-kubeconfig $ oc login --loglevel=8 -u=kubeadmin -p=$(jq -r .password /home/redhat/xj-kubeadmin.vault.yml) I0424 04:46:21.150765 3153542 loader.go:374] Config loaded from file: /home/redhat/xj-kubeconfig I0424 04:46:21.151017 3153542 round_trippers.go:463] HEAD https://api.xj.cars.lab:6443/ I0424 04:46:21.151029 3153542 round_trippers.go:469] Request Headers: I0424 04:46:21.158061 3153542 round_trippers.go:574] Response Status: 403 Forbidden in 7 milliseconds I0424 04:46:21.158076 3153542 round_trippers.go:577] Response Headers: I0424 04:46:21.158083 3153542 round_trippers.go:580] Audit-Id: 58346e89-47e6-416e-8f18-e04bb68ee6f0 I0424 04:46:21.158088 3153542 round_trippers.go:580] X-Kubernetes-Pf-Flowschema-Uid: 6532a2cf-3af6-4dd2-bd57-536fca5c3563 I0424 04:46:21.158093 3153542 round_trippers.go:580] X-Kubernetes-Pf-Prioritylevel-Uid: 9ef1b685-33ec-43d7-8c1f-27f54f5a1836 I0424 04:46:21.158099 3153542 round_trippers.go:580] Content-Length: 186 I0424 04:46:21.158104 3153542 round_trippers.go:580] Date: Mon, 24 Apr 2023 10:45:16 GMT I0424 04:46:21.158109 3153542 round_trippers.go:580] Cache-Control: no-cache, private I0424 04:46:21.158114 3153542 round_trippers.go:580] Content-Type: application/json I0424 04:46:21.158119 3153542 round_trippers.go:580] Strict-Transport-Security: max-age=31536000; includeSubDomains; preload I0424 04:46:21.158124 3153542 round_trippers.go:580] X-Content-Type-Options: nosniff I0424 04:46:21.158146 3153542 request_token.go:93] GSSAPI Enabled I0424 04:46:21.158163 3153542 round_trippers.go:463] GET https://api.xj.cars.lab:6443/.well-known/oauth-authorization-server I0424 04:46:21.158167 3153542 round_trippers.go:469] Request Headers: I0424 04:46:21.158174 3153542 round_trippers.go:473] X-Csrf-Token: 1 I0424 04:46:21.158980 3153542 round_trippers.go:574] Response Status: 200 OK in 0 milliseconds I0424 04:46:21.158991 3153542 round_trippers.go:577] Response Headers: I0424 04:46:21.158996 3153542 round_trippers.go:580] X-Kubernetes-Pf-Flowschema-Uid: 6532a2cf-3af6-4dd2-bd57-536fca5c3563 I0424 04:46:21.159002 3153542 round_trippers.go:580] X-Kubernetes-Pf-Prioritylevel-Uid: 9ef1b685-33ec-43d7-8c1f-27f54f5a1836 I0424 04:46:21.159007 3153542 round_trippers.go:580] Content-Length: 573 I0424 04:46:21.159012 3153542 round_trippers.go:580] Date: Mon, 24 Apr 2023 10:45:16 GMT I0424 04:46:21.159016 3153542 round_trippers.go:580] Audit-Id: f6ccaa21-485a-49f8-a77d-4d80c5d548eb I0424 04:46:21.159021 3153542 round_trippers.go:580] Cache-Control: no-cache, private I0424 04:46:21.159026 3153542 round_trippers.go:580] Content-Type: application/json I0424 04:46:21.159031 3153542 round_trippers.go:580] Strict-Transport-Security: max-age=31536000; includeSubDomains; preload I0424 04:46:21.190137 3153542 request_token.go:467] falling back to kubeconfig CA due to possible x509 error: x509: certificate signed by unknown authority I0424 04:46:21.190188 3153542 round_trippers.go:463] GET https://oauth-openshift.apps.xj.cars.lab/oauth/authorize?client_id=openshift-challenging-client&code_challenge=Vkn7G_ph-Mf6Hs0N9eNxePuDGL7Eu6V2TNx2XAghxkk&code_challenge_method=S256&redirect_uri=https%3A%2F%2Foauth-openshift.apps.xj.cars.lab%2Foauth%2Ftoken%2Fimplicit&response_type=code I0424 04:46:21.190198 3153542 round_trippers.go:469] Request Headers: I0424 04:46:21.190209 3153542 round_trippers.go:473] X-Csrf-Token: 1 I0424 04:46:21.195990 3153542 round_trippers.go:574] Response Status: in 5 milliseconds I0424 04:46:21.196007 3153542 round_trippers.go:577] Response Headers: I0424 04:46:21.196237 3153542 round_trippers.go:463] GET https://api.xj.cars.lab:6443/api/v1/namespaces/openshift/configmaps/motd I0424 04:46:21.196245 3153542 round_trippers.go:469] Request Headers: I0424 04:46:21.196253 3153542 round_trippers.go:473] User-Agent: oc/4.12.0 (linux/amd64) kubernetes/31aa3e8 I0424 04:46:21.196259 3153542 round_trippers.go:473] Accept: application/json, */* I0424 04:46:21.197587 3153542 round_trippers.go:574] Response Status: 403 Forbidden in 1 milliseconds I0424 04:46:21.197605 3153542 round_trippers.go:577] Response Headers: I0424 04:46:21.197613 3153542 round_trippers.go:580] X-Kubernetes-Pf-Flowschema-Uid: 6532a2cf-3af6-4dd2-bd57-536fca5c3563 I0424 04:46:21.197622 3153542 round_trippers.go:580] Audit-Id: 2eb13c5b-992b-479e-8807-172ae9ba58b0 I0424 04:46:21.197631 3153542 round_trippers.go:580] Cache-Control: no-cache, private I0424 04:46:21.197648 3153542 round_trippers.go:580] Content-Type: application/json I0424 04:46:21.197657 3153542 round_trippers.go:580] Content-Length: 303 I0424 04:46:21.197666 3153542 round_trippers.go:580] Date: Mon, 24 Apr 2023 10:45:16 GMT I0424 04:46:21.197677 3153542 round_trippers.go:580] Strict-Transport-Security: max-age=31536000; includeSubDomains; preload I0424 04:46:21.197688 3153542 round_trippers.go:580] X-Content-Type-Options: nosniff I0424 04:46:21.197699 3153542 round_trippers.go:580] X-Kubernetes-Pf-Prioritylevel-Uid: 9ef1b685-33ec-43d7-8c1f-27f54f5a1836 I0424 04:46:21.197721 3153542 request.go:1154] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"configmaps \"motd\" is forbidden: User \"system:anonymous\" cannot get resource \"configmaps\" in API group \"\" in the namespace \"openshift\"","reason":"Forbidden","details":{"name":"motd","kind":"configmaps"},"code":403} error: x509: certificate signed by unknown authority

login is successful