You are viewing documentation for Kubernetes version: v1.18
Kubernetes v1.18 documentation is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date documentation, see the latest version.
Synopsis
Renew the certificate for the API server to connect to kubelet.
Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.
Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.
After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.
kubeadm alpha certs renew apiserver-kubelet-client [flags]
Options
| --cert-dir string Default: "/etc/kubernetes/pki" | |
| The path where to save the certificates | |
| --config string | |
| Path to a kubeadm configuration file. | |
| --csr-dir string | |
| The path to output the CSRs and private keys to | |
| --csr-only | |
| Create CSRs instead of generating certificates | |
| -h, --help | |
| help for apiserver-kubelet-client | |
| --kubeconfig string Default: "/etc/kubernetes/admin.conf" | |
| The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file. | |
Options inherited from parent commands
| --rootfs string | |
| [EXPERIMENTAL] The path to the 'real' host root filesystem. | |