Feature Request
Resolution: Unresolved
openshift-4.17.z
Future Sustainability
1. Proposed title of this feature request
[RHOCP4.17] Provide a way to rotate "kubelet-bootstrap-kubeconfig-ca" certificate for using OpenShift for more than 10 years
2. What is the nature and description of the request?
As of now, the lack of a capability to rotate 10-year certificates has been a bottleneck for using OpenShift continuously for more than 10 years. Since version 4.17, OpenShift can rotate most of the 10-year certificates. But there is still no way to rotate "kubelet-bootstrap-kubeconfig-ca" [1][2], even manually.

The first version of OpenShift 4 was released on June 4, 2019, so it has been more than 5 years. Now is a good time to implement the rotation for "kubelet-bootstrap-kubeconfig-ca". Please provide a way to rotate the "kubelet-bootstrap-kubeconfig-ca" certificate.

[1] https://github.com/openshift/cluster-kube-apiserver-operator/blob/release-4.17/bindata/bootkube/manifests/configmap-kubelet-bootstrap-kubeconfig-ca.yaml
[2] https://docs.openshift.com/container-platform/4.17/security/certificate_types_descriptions/bootstrap-certificates.html
3. Why does the customer need this? (List the business requirements here)
The "kubelet-bootstrap-kubeconfig-ca" certificate is needed for the initialization of kubelet when a new worker node starts up. Users cannot add a new node to the cluster after 10 years if they cannot rotate the "kubelet-bootstrap-kubeconfig-ca" certificate.
4. List any affected packages or components.
kubelet
cluster-kube-apiserver-operator