Re generating TLS cert for kube-api, and other "re-initilization" of K3s

I’m experimenting with using k3s for a new project I’m working on. A question I have today is whether it’s possible for me to “re-initialize” a single node k3s cluster.

For example, I may have a node that I shutdown and then later startup again. And when it starts up, It will have a different public IP address. I would like to force the re-generation of the kube api TLS cert (with a new IP in the SAN cert).

I know I can probably uninstall and re-install pretty quickly, but I’m also interested in possibly retaining the workloads that were previously deployed.

I’m not finding anything in the docs for the k3s cli that resemble a “modify the cluster as it’s running” operation.

I’m also interested in forcing a re-generation of the admin kubeconfig credentials.

I know this might be doable within the cluster, but looking for a higher level option with the k3s cli.

One option I’m considering is backing up the data store, uninstall, reinstall (to regenerate the auth and cert) and then restore the data store.