Renew the certificate for the API server to connect to kubelet
Renew the certificate for the API server to connect to kubelet.
Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.
Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.
After renewal, in order to make changes effective, is is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.
kubeadm alpha certs renew apiserver-kubelet-client [flags]
--cert-dir string The path where to save the certificates (default "/etc/kubernetes/pki") --config string Path to a kubeadm configuration file. --csr-dir string The path to output the CSRs and private keys to --csr-only Create CSRs instead of generating certificates -h, --help help for apiserver-kubelet-client --kubeconfig string The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file. (default "/etc/kubernetes/admin.conf") --use-api Use the Kubernetes certificate API to renew certificates
--rootfs string [EXPERIMENTAL] The path to the 'real' host root filesystem.
Was this page helpful?
Thanks for the feedback. If you have a specific, answerable question about how to use Kubernetes, ask it on Stack Overflow. Open an issue in the GitHub repo if you want to report a problem or suggest an improvement.