diff --git a/pkg/operator/certrotationtimeupgradeablecontroller/certrotationtime_upgradeable.go b/pkg/operator/certrotationtimeupgradeablecontroller/certrotationtime_upgradeable.go
deleted file mode 100644
index 86b2915c0e..0000000000
--- a/pkg/operator/certrotationtimeupgradeablecontroller/certrotationtime_upgradeable.go
+++ /dev/null
@@ -1,74 +0,0 @@
-package certrotationtimeupgradeablecontroller
-
-import (
- "context"
- "fmt"
- "time"
-
- operatorv1 "github.com/openshift/api/operator/v1"
- "github.com/openshift/library-go/pkg/controller/factory"
- "github.com/openshift/library-go/pkg/operator/events"
- "github.com/openshift/library-go/pkg/operator/v1helpers"
- corev1 "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/api/errors"
- coreinformersv1 "k8s.io/client-go/informers/core/v1"
- corelistersv1 "k8s.io/client-go/listers/core/v1"
-)
-
-var (
- certRotationTimeUpgradeableControllerWorkQueueKey = "key"
-)
-
-// CertRotationTimeUpgradeableController is a controller that sets upgradeable=false if the cert rotation time has been adjusted.
-type CertRotationTimeUpgradeableController struct {
- operatorClient v1helpers.OperatorClient
- configMapLister corelistersv1.ConfigMapLister
-}
-
-func NewCertRotationTimeUpgradeableController(
- operatorClient v1helpers.OperatorClient,
- configMapInformer coreinformersv1.ConfigMapInformer,
- eventRecorder events.Recorder,
-) factory.Controller {
- c := &CertRotationTimeUpgradeableController{
- operatorClient: operatorClient,
- configMapLister: configMapInformer.Lister(),
- }
-
- return factory.New().WithInformers(
- operatorClient.Informer(),
- configMapInformer.Informer(),
- ).WithSync(c.sync).ResyncEvery(time.Minute).ToController("CertRotationTimeUpgradeableController", eventRecorder.WithComponentSuffix("certRotationTime-upgradeable"))
-}
-
-func (c *CertRotationTimeUpgradeableController) sync(ctx context.Context, syncContext factory.SyncContext) error {
- certRotationTimeConfigMap, err := c.configMapLister.ConfigMaps("openshift-config").Get("unsupported-cert-rotation-config")
- if !errors.IsNotFound(err) && err != nil {
- return err
- }
-
- cond := newUpgradeableCondition(certRotationTimeConfigMap)
- if _, _, updateError := v1helpers.UpdateStatus(ctx, c.operatorClient, v1helpers.UpdateConditionFn(cond)); updateError != nil {
- return updateError
- }
-
- return nil
-}
-
-func newUpgradeableCondition(certRotationTimeConfigMap *corev1.ConfigMap) operatorv1.OperatorCondition {
- if certRotationTimeConfigMap == nil || len(certRotationTimeConfigMap.Data["base"]) == 0 {
- return operatorv1.OperatorCondition{
- Type: "CertRotationTimeUpgradeable",
- Status: operatorv1.ConditionTrue,
- Reason: "DefaultCertRotationBase",
- }
- }
-
- return operatorv1.OperatorCondition{
- Type: "CertRotationTimeUpgradeable",
- Status: operatorv1.ConditionFalse,
- Reason: "CertRotationBaseOverridden",
- Message: fmt.Sprintf("configmap[%q]/%s .data[\"base\"]==%q", certRotationTimeConfigMap.Namespace, certRotationTimeConfigMap.Name, certRotationTimeConfigMap.Data["base"]),
- }
-
-}
diff --git a/pkg/operator/certrotationtimeupgradeablecontroller/certrotationtime_upgradeable_test.go b/pkg/operator/certrotationtimeupgradeablecontroller/certrotationtime_upgradeable_test.go
deleted file mode 100644
index f031c80991..0000000000
--- a/pkg/operator/certrotationtimeupgradeablecontroller/certrotationtime_upgradeable_test.go
+++ /dev/null
@@ -1,60 +0,0 @@
-package certrotationtimeupgradeablecontroller
-
-import (
- "reflect"
- "testing"
-
- "github.com/davecgh/go-spew/spew"
- operatorv1 "github.com/openshift/api/operator/v1"
- corev1 "k8s.io/api/core/v1"
-)
-
-func TestNewUpgradeableCondition(t *testing.T) {
- tests := []struct {
- name string
-
- input map[string]string
- expected operatorv1.OperatorCondition
- }{
- {
- name: "default",
- input: map[string]string{},
- expected: operatorv1.OperatorCondition{
- Type: "CertRotationTimeUpgradeable",
- Status: "True",
- Reason: "DefaultCertRotationBase",
- },
- },
- {
- name: "unknown",
- input: map[string]string{"other": ""},
- expected: operatorv1.OperatorCondition{
- Type: "CertRotationTimeUpgradeable",
- Status: "True",
- Reason: "DefaultCertRotationBase",
- },
- },
- {
- name: "changed",
- input: map[string]string{"base": "2y"},
- expected: operatorv1.OperatorCondition{
- Type: "CertRotationTimeUpgradeable",
- Status: "False",
- Reason: "CertRotationBaseOverridden",
- Message: "configmap[\"\"]/ .data[\"base\"]==\"2y\"",
- },
- },
- }
-
- for _, test := range tests {
- t.Run(test.name, func(t *testing.T) {
- actual := newUpgradeableCondition(&corev1.ConfigMap{
- Data: test.input,
- })
-
- if !reflect.DeepEqual(test.expected, actual) {
- t.Fatal(spew.Sdump(actual))
- }
- })
- }
-}
diff --git a/pkg/operator/starter.go b/pkg/operator/starter.go
index 8b1dd3aa4c..d1b78799b1
--- a/pkg/operator/starter.go
+++ b/pkg/operator/starter.go
@@ -23,7 +23,6 @@ import (
 "github.com/openshift/cluster-kube-apiserver-operator/bindata"
 "github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/boundsatokensignercontroller"
 "github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/certrotationcontroller"
- "github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/certrotationtimeupgradeablecontroller"
 "github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/configmetrics"
 "github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/configobservation/apienablement"
 "github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/configobservation/auth"
@@ -413,12 +412,6 @@ func RunOperator(ctx context.Context, controllerContext *controllercmd.Controlle
 return err
 }
 
- certRotationTimeUpgradeableController := certrotationtimeupgradeablecontroller.NewCertRotationTimeUpgradeableController(
- operatorClient,
- kubeInformersForNamespaces.InformersFor(operatorclient.GlobalUserSpecifiedConfigNamespace).Core().V1().ConfigMaps(),
- controllerContext.EventRecorder.WithComponentSuffix("cert-rotation-controller"),
- )
-
 terminationObserver := terminationobserver.NewTerminationObserver(
 operatorclient.TargetNamespace,
 kubeInformersForNamespaces.InformersFor(operatorclient.TargetNamespace),
@@ -526,7 +519,6 @@ func RunOperator(ctx context.Context, controllerContext *controllercmd.Controlle
 go clusterOperatorStatus.Run(ctx, 1)
 go certRotationController.Run(ctx, 1)
 go encryptionControllers.Run(ctx, 1)
- go certRotationTimeUpgradeableController.Run(ctx, 1)
 go terminationObserver.Run(ctx, 1)
 go eventWatcher.Run(ctx, 1)
 go boundSATokenSignerController.Run(ctx, 1)
diff --git a/test/e2e/certrotation_test.go b/test/e2e/certrotation_test.go
deleted file mode 100644
index 1c023bc369..0000000000
--- a/test/e2e/certrotation_test.go
+++ /dev/null
@@ -1,146 +0,0 @@
-package e2e
-
-import (
- "context"
- "fmt"
- "strings"
- "testing"
- "time"
-
- "github.com/stretchr/testify/require"
-
- corev1 "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/api/errors"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/util/wait"
- "k8s.io/client-go/kubernetes"
- "k8s.io/utils/clock"
-
- configv1 "github.com/openshift/api/config/v1"
- operatorv1 "github.com/openshift/api/operator/v1"
- configclient "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
- "github.com/openshift/cluster-kube-apiserver-operator/pkg/operator"
- "github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/operatorclient"
- test "github.com/openshift/cluster-kube-apiserver-operator/test/library"
- configv1helpers "github.com/openshift/library-go/pkg/config/clusteroperator/v1helpers"
- "github.com/openshift/library-go/pkg/operator/genericoperatorclient"
- "github.com/openshift/library-go/pkg/operator/v1helpers"
-)
-
-func TestCertRotationTimeUpgradeable(t *testing.T) {
- kubeConfig, err := test.NewClientConfigForTest()
- require.NoError(t, err)
- operatorClient, _, err := genericoperatorclient.NewStaticPodOperatorClient(
- clock.RealClock{},
- kubeConfig,
- operatorv1.GroupVersion.WithResource("kubeapiservers"),
- operatorv1.GroupVersion.WithKind("KubeAPIServer"),
- operator.ExtractStaticPodOperatorSpec,
- operator.ExtractStaticPodOperatorStatus)
- require.NoError(t, err)
- configClient, err := configclient.NewForConfig(kubeConfig)
- require.NoError(t, err)
-
- ctx := context.Background()
- _, operatorStatus, _, err := operatorClient.GetStaticPodOperatorStateWithQuorum(ctx)
- require.NoError(t, err)
- require.True(t, v1helpers.IsOperatorConditionTrue(operatorStatus.Conditions, "CertRotationTimeUpgradeable"))
-
- kubeClient := kubernetes.NewForConfigOrDie(kubeConfig)
- t.Logf("Creating unsupported-cert-rotation-config...")
- _, err = kubeClient.CoreV1().ConfigMaps(operatorclient.GlobalUserSpecifiedConfigNamespace).Create(context.TODO(), &corev1.ConfigMap{
- ObjectMeta: metav1.ObjectMeta{Namespace: operatorclient.GlobalUserSpecifiedConfigNamespace, Name: "unsupported-cert-rotation-config"},
- Data: map[string]string{"base": "2y"},
- }, metav1.CreateOptions{})
- require.NoError(t, err)
- defer func() {
- kubeClient.CoreV1().ConfigMaps(operatorclient.GlobalUserSpecifiedConfigNamespace).Delete(context.TODO(), "unsupported-cert-rotation-config", metav1.DeleteOptions{})
- }()
-
- err = wait.PollImmediate(1*time.Second, 5*time.Second, func() (bool, error) {
- _, operatorStatus, _, err := operatorClient.GetStaticPodOperatorStateWithQuorum(ctx)
- if err != nil {
- return false, err
- }
- clusteroperator, err := configClient.ClusterOperators().Get(context.TODO(), "kube-apiserver", metav1.GetOptions{})
- if err != nil {
- return false, err
- }
-
- certRotationCondition := v1helpers.FindOperatorCondition(operatorStatus.Conditions, "CertRotationTimeUpgradeable")
- upgradeableCondition := configv1helpers.FindStatusCondition(clusteroperator.Status.Conditions, "Upgradeable")
- if certRotationCondition == nil || upgradeableCondition == nil {
- return false, fmt.Errorf("Couldn't find CertRotationTimeUpgradeable or Upgradeable condition")
- }
- if certRotationCondition.Status == operatorv1.ConditionFalse &&
- upgradeableCondition.Status == configv1.ConditionFalse && strings.Contains(upgradeableCondition.Reason, "CertRotationTime") {
- return true, nil
- }
- t.Logf("\nCertRotationTimeUpgradeable: %#v\nUpgradeable: %#v", certRotationCondition, upgradeableCondition)
- return false, nil
- })
- require.NoError(t, err)
-
- t.Logf("Removing unsupported-cert-rotation-config...")
- err = kubeClient.CoreV1().ConfigMaps(operatorclient.GlobalUserSpecifiedConfigNamespace).Delete(context.TODO(), "unsupported-cert-rotation-config", metav1.DeleteOptions{})
- require.NoError(t, err)
-
- err = wait.PollImmediate(1*time.Second, 5*time.Second, func() (bool, error) {
- _, operatorStatus, _, err := operatorClient.GetStaticPodOperatorStateWithQuorum(ctx)
- if err != nil {
- return false, err
- }
- clusteroperator, err := configClient.ClusterOperators().Get(context.TODO(), "kube-apiserver", metav1.GetOptions{})
- if err != nil {
- return false, err
- }
- certRotationCondition := v1helpers.FindOperatorCondition(operatorStatus.Conditions, "CertRotationTimeUpgradeable")
- upgradeableCondition := configv1helpers.FindStatusCondition(clusteroperator.Status.Conditions, "Upgradeable")
- if certRotationCondition == nil || upgradeableCondition == nil {
- return false, fmt.Errorf("Couldn't find CertRotationTimeUpgradeable or Upgradeable condition")
- }
- if certRotationCondition.Status == operatorv1.ConditionTrue &&
- (upgradeableCondition.Status == configv1.ConditionTrue || !strings.Contains(upgradeableCondition.Reason, "CertRotationTime")) {
- return true, nil
- }
- t.Logf("\nCertRotationTimeUpgradeable: %#v\nUpgradeable: %#v", certRotationCondition, upgradeableCondition)
- return false, nil
- })
- require.NoError(t, err)
-}
-
-func TestCertRotationStompOnBadType(t *testing.T) {
- kubeConfig, err := test.NewClientConfigForTest()
- require.NoError(t, err)
- kubeClient := kubernetes.NewForConfigOrDie(kubeConfig)
-
- // this is inherently racy against a controller
- err = wait.PollImmediate(10*time.Millisecond, 5*time.Second, func() (done bool, err error) {
- if err := kubeClient.CoreV1().Secrets(operatorclient.OperatorNamespace).Delete(context.TODO(), "aggregator-client-signer", metav1.DeleteOptions{}); err != nil {
- return false, nil
- }
- if _, err := kubeClient.CoreV1().Secrets(operatorclient.OperatorNamespace).Create(context.TODO(), &corev1.Secret{
- ObjectMeta: metav1.ObjectMeta{Namespace: operatorclient.OperatorNamespace, Name: "aggregator-client-signer"},
- Type: "SecretTypeTLS",
- }, metav1.CreateOptions{}); err != nil {
- return false, nil
- }
- return true, nil
- })
- require.NoError(t, err)
-
- err = wait.PollImmediate(100*time.Millisecond, 30*time.Second, func() (done bool, err error) {
- curr, err := kubeClient.CoreV1().Secrets(operatorclient.OperatorNamespace).Get(context.TODO(), "aggregator-client-signer", metav1.GetOptions{})
- if errors.IsNotFound(err) {
- return false, nil
- }
- if err != nil {
- return false, err
- }
- if curr.Type == corev1.SecretTypeTLS {
- return true, nil
- }
- return false, nil
- })
- require.NoError(t, err)
-}