Merge pull request #30146 from neolit123/1.23-update-ts-guide-for-cert-rotation

kubeadm/TS guide: fix a misleading step about cert rotation

Author: k8s-ci-robot

content/en/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm.md

@@ -224,9 +224,17 @@ the `ca.key` you must sign the embedded certificates in the `kubelet.conf` exter
 1. Copy this resulted `kubelet.conf` to `/etc/kubernetes/kubelet.conf` on the failed node.
 1. Restart the kubelet (`systemctl restart kubelet`) on the failed node and wait for
 `/var/lib/kubelet/pki/kubelet-client-current.pem` to be recreated.
-1. Run `kubeadm init phase kubelet-finalize all` on the failed node. This will make the new
-`kubelet.conf` file use `/var/lib/kubelet/pki/kubelet-client-current.pem` and will restart the kubelet.
+1. Manually edit the `kubelet.conf` to point to the rotated kubelet client certificates, by replacing
+`client-certificate-data` and `client-key-data` with:
+
+    ```yaml
+    client-certificate: /var/lib/kubelet/pki/kubelet-client-current.pem
+    client-key: /var/lib/kubelet/pki/kubelet-client-current.pem
+    ```
+
+1. Restart the kubelet.
 1. Make sure the node becomes `Ready`.
+
 ## Default NIC When using flannel as the pod network in Vagrant
 
 The following error might indicate that something was wrong in the pod network: