Kube-admin.pem expiring on single-node air-gap cluster

I have a customer who is getting alerts regarding an expiring kube-admin.pem certificate on their single node setup. It’s located in /etc/kubernetes/ssl together with the other certs on the master nodes.

I’m a bit confused because on all other clusters (own test cluster + other customer) we can’t find this particular certificate anywhere. Is this because it’s an air-gapped setup? The only mentions I find are in RKE documents but this is a single node setup with a custom cluster and not an RKE.

Can we rotate this cert manually with openssl and are there additional steps to take to get the cluster to accept the new cert?

any update were you able to rotate using openssl on this I rotated all my certificates using the rancher manual but kube-admin.pem is not rotated.

I’ve also facing the same question. kube-admin seems not to be updated. I’ve renamed it on one node and will watch if the cluster contains to be operational.