$docker ps
CONTAINER ID   IMAGE                  COMMAND                  CREATED         STATUS          PORTS                       NAMES
5a457e85ff0b   kindest/node:v1.22.4   "/usr/local/bin/entr…"   12 months ago   Up 29 minutes   127.0.0.1:57994->6443/tcp   fluid-dev-control-plane

$ docker exec -ti 5a457e85ff0b /bin/bash

$ kubeadm certs -h
Commands related to handling kubernetes certificates

Usage:
  kubeadm certs [command]

Aliases:
  certs, certificates

Available Commands:
  certificate-key  Generate certificate keys
  check-expiration Check certificates expiration for a Kubernetes cluster
  generate-csr     Generate keys and certificate signing requests
  renew            Renew certificates for a Kubernetes cluster

Flags:
  -h, --help   help for certs

Global Flags:
      --add-dir-header           If true, adds the file directory to the header of the log messages
      --log-file string          If non-empty, use this log file
      --log-file-max-size uint   Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
      --one-output               If true, only write logs to their native severity level (vs also writing to each lower severity level)
      --rootfs string            [EXPERIMENTAL] The path to the 'real' host root filesystem.
      --skip-headers             If true, avoid header prefixes in the log messages
      --skip-log-headers         If true, avoid headers when opening log files
  -v, --v Level                  number for the log level verbosity

Use "kubeadm certs [command] --help" for more information about a command.

renew

$ kubeadm certs renew all
[renew] Reading configuration from the cluster...
[renew] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[renew] Error reading configuration from the Cluster. Falling back to default configuration

certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewed
certificate for serving the Kubernetes API renewed
certificate the apiserver uses to access etcd renewed
certificate for the API server to connect to kubelet renewed
certificate embedded in the kubeconfig file for the controller manager to use renewed
certificate for liveness probes to healthcheck etcd renewed
certificate for etcd nodes to communicate with each other renewed
certificate for serving etcd renewed
certificate for the front proxy client renewed
certificate embedded in the kubeconfig file for the scheduler manager to use renewed

Done renewing certificates. You must restart the kube-apiserver, kube-controller-manager, kube-scheduler and etcd, so that they can use the new certificates.

$ exit
$ docker restart 5a457e85ff0b