Renew the certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself
Renew the certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself.
Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.
Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.
After renewal, in order to make changes effective, is is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.
kubeadm alpha certs renew admin.conf [flags]
--cert-dir string The path where to save the certificates (default "/etc/kubernetes/pki") --config string Path to a kubeadm configuration file. --csr-dir string The path to output the CSRs and private keys to --csr-only Create CSRs instead of generating certificates -h, --help help for admin.conf --kubeconfig string The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file. (default "/etc/kubernetes/admin.conf") --use-api Use the Kubernetes certificate API to renew certificates
--rootfs string [EXPERIMENTAL] The path to the 'real' host root filesystem.
Was this page helpful?
Thanks for the feedback. If you have a specific, answerable question about how to use Kubernetes, ask it on Stack Overflow. Open an issue in the GitHub repo if you want to report a problem or suggest an improvement.