To Reproduce Steps to reproduce the behavior:

Octavia client certs are not being renewed. This already happened in few of our development environments. This causes issues with provisioning new amphoras, as octavia-worker is unable to establish tls connection to the vms.

❯ oc get secret octavia-certs-secret -o json | jq -r '.data."client.cert-and-key.pem"' | base64 -d | openssl x509 -noout -dates
notBefore=Apr 25 08:29:08 2025 GMT
notAfter=May 25 08:29:08 2025 GMT

❯ oc get openstackversions.core.openstack.org

NAME TARGET VERSION AVAILABLE VERSION DEPLOYED VERSION
openstack-control-plane 18.0.6-20250403.1 18.0.8-20250505.2 18.0.6-20250403.1

Expected behavior

Octavia client certs should be renewed

Bug impact

Octavia is unable to manage and create amphoras

Additional context

RHOSO FR2 Deployment with DCN/DZ architecture