I have found about renewing kubelet.crt

check if kubelet.crt is expired

echo -n | openssl s_client -connect localhost:10250 2>&1 | sed -ne ‘/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p’ | openssl x509 -text -noout | grep -A 2 Validity

Auto-rotate Setting about kubele.crt

vi /var/snap/microk8s/current/args/kubelet

Adding below 3 lines

–rotate-certificates=true
–rotate-server-certificates=true
–tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

micok8s stop;microk8s start

microk8s kubectl get csr
microk8s kubectl certificate approve

check if kubelet.crt is renewed

echo -n | openssl s_client -connect localhost:10250 2>&1 | sed -ne ‘/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p’ | openssl x509 -text -noout | grep -A 2 Validity

cd /var/snap/microk8s/current/certs
ls
kubelet-client-current.pem
kubelet-server-current.pem