After restore from etcd backup, k8s api returning 401 unauthorized to pods

More details here: https://github.com/rancher/rancher/issues/8388

I’m assuming that somehow the tokens that pods are using to contact the k8s api are invalid. Any ideas on how to reset the API authentication? Restart the API service?

k8s api just prints verification errors over and over:

1 handlers.go:58] Unable to authenticate the request due to an error: crypto/rsa: verification error

Figured out that the service account tokens were no longer valid after the restore for some reason. Had to delete the secrets and delete the pods using the secrets.