I am trying to build a new kubernetes cluster. My VMs have two interfaces, when I installed kubeadm it picked up the interface that I didn’t want ( I forgot to mention the apiserver advertise address). So I modified the file at /etc/kubernetes/admin.conf to reflect the IP of the interface to be used.
Then I discovered that the certificate is not valid for this name.
I recreated an SSL certificate using the CA cert with the additional IP address in SAN, now kubectl is not picking up this certificate. Is there a way to make kubernetes pick this up without running ‘kubeadm reset’ ?
I have come across articles mentioning how to renew certificates, but in production if we need to add an additional SAN name to the SSL certificate of apiserver or other components, how do we do it?