I have a customer who is getting alerts regarding an expiring kube-admin.pem certificate on their single node setup. It’s located in /etc/kubernetes/ssl together with the other certs on the master nodes.
I’m a bit confused because on all other clusters (own test cluster + other customer) we can’t find this particular certificate anywhere. Is this because it’s an air-gapped setup? The only mentions I find are in RKE documents but this is a single node setup with a custom cluster and not an RKE.
Can we rotate this cert manually with openssl and are there additional steps to take to get the cluster to accept the new cert?