mkdirkube-control-plane-signercd$_kubectlgetsecrets-nopenshift-kube-apiserver-operator\kube-control-plane-signer\-ojsonpath="{.data.tls\.crt}"\|base64-d>kube-control-plane-signer.crt
kubectlgetsecrets-nopenshift-kube-apiserver-operator\kube-control-plane-signer\-ojsonpath="{.data.tls\.key}"\|base64-d>kube-control-plane-signer.key
kubectlgetsecret-nopenshift-kube-scheduler\kube-scheduler-client-cert-key\-ojsonpath="{.data.tls\.key}"\|base64-d>openshift-kube-scheduler.key
# Create new certificate requestopensslreq-new\-keyopenshift-kube-scheduler.key\-outopenshift-kube-scheduler.csr\-subj"/CN=system:kube-scheduler"# Sign certificate request - only one day to enforce renewal by OpenShiftopensslx509-req\-inopenshift-kube-scheduler.csr\-CAkube-control-plane-signer.crt\-CAkeykube-control-plane-signer.key\-CAcreateserial\-outopenshift-kube-scheduler.crt\-days1# Update secretkubectlcreatesecrettlskube-scheduler-client-cert-key\--namespaceopenshift-kube-scheduler\--save-config--dry-run=client\--key=openshift-kube-scheduler.key\--cert=openshift-kube-scheduler.crt\-oyaml|kubectlapply-f-
Check kube-scheduler-cert-syncer and kube-scheduler: