From c58f8c107a67da1eda85066b1726887c0c8eba7c Mon Sep 17 00:00:00 2001 
From: "Lubomir I. Ivanov"
Date: Wed, 7 Oct 2020 19:26:36 +0300
Subject: [PATCH] kubeadm: promote the "kubeadm certs" command to GA

The command resided under "kubeadm alpha certs". It will be promoted to GA in 1.20 as "kubeadm certs". The existing command "kubeadm alpha" will remain present for one more release, but it will be hidden from documentation as it is deprecated.
---
 ...ubeadm_alpha_certs.md => kubeadm_certs.md} | 0 ...ey.md => kubeadm_certs_certificate-key.md} | 2 +- ...n.md => kubeadm_certs_check-expiration.md} | 2 +- ...e-csr.md => kubeadm_certs_generate-csr.md} | 4 +- ..._certs_renew.md => kubeadm_certs_renew.md} | 2 +- ...f.md => kubeadm_certs_renew_admin.conf.md} | 2 +- ...enew_all.md => kubeadm_certs_renew_all.md} | 2 +- ...eadm_certs_renew_apiserver-etcd-client.md} | 2 +- ...m_certs_renew_apiserver-kubelet-client.md} | 2 +- ...er.md => kubeadm_certs_renew_apiserver.md} | 2 +- ...dm_certs_renew_controller-manager.conf.md} | 2 +- ...dm_certs_renew_etcd-healthcheck-client.md} | 2 +- ...er.md => kubeadm_certs_renew_etcd-peer.md} | 2 +- ....md => kubeadm_certs_renew_etcd-server.md} | 2 +- ...kubeadm_certs_renew_front-proxy-client.md} | 2 +- ... 
=> kubeadm_certs_renew_scheduler.conf.md} | 2 +- .../setup-tools/kubeadm/kubeadm-alpha.md | 42 -------------- .../setup-tools/kubeadm/kubeadm-certs.md | 56 +++++++++++++++++++ .../setup-tools/kubeadm/kubeadm-init.md | 4 +- .../tools/kubeadm/high-availability.md | 6 +- .../kubeadm/kubeadm-certs.md | 16 +++--- 21 files changed, 85 insertions(+), 71 deletions(-) rename content/en/docs/reference/setup-tools/kubeadm/generated/{kubeadm_alpha_certs.md => kubeadm_certs.md} (100%) rename content/en/docs/reference/setup-tools/kubeadm/generated/{kubeadm_alpha_certs_certificate-key.md => kubeadm_certs_certificate-key.md} (95%) rename content/en/docs/reference/setup-tools/kubeadm/generated/{kubeadm_alpha_certs_check-expiration.md => kubeadm_certs_check-expiration.md} (97%) rename content/en/docs/reference/setup-tools/kubeadm/generated/{kubeadm_alpha_certs_generate-csr.md => kubeadm_certs_generate-csr.md} (94%) rename content/en/docs/reference/setup-tools/kubeadm/generated/{kubeadm_alpha_certs_renew.md => kubeadm_certs_renew.md} (95%) rename content/en/docs/reference/setup-tools/kubeadm/generated/{kubeadm_alpha_certs_renew_admin.conf.md => kubeadm_certs_renew_admin.conf.md} (98%) rename content/en/docs/reference/setup-tools/kubeadm/generated/{kubeadm_alpha_certs_renew_all.md => kubeadm_certs_renew_all.md} (98%) rename content/en/docs/reference/setup-tools/kubeadm/generated/{kubeadm_alpha_certs_renew_apiserver-etcd-client.md => kubeadm_certs_renew_apiserver-etcd-client.md} (97%) rename content/en/docs/reference/setup-tools/kubeadm/generated/{kubeadm_alpha_certs_renew_apiserver-kubelet-client.md => kubeadm_certs_renew_apiserver-kubelet-client.md} (97%) rename content/en/docs/reference/setup-tools/kubeadm/generated/{kubeadm_alpha_certs_renew_apiserver.md => kubeadm_certs_renew_apiserver.md} (98%) rename content/en/docs/reference/setup-tools/kubeadm/generated/{kubeadm_alpha_certs_renew_controller-manager.conf.md => kubeadm_certs_renew_controller-manager.conf.md} (97%) rename 
content/en/docs/reference/setup-tools/kubeadm/generated/{kubeadm_alpha_certs_renew_etcd-healthcheck-client.md => kubeadm_certs_renew_etcd-healthcheck-client.md} (97%) rename content/en/docs/reference/setup-tools/kubeadm/generated/{kubeadm_alpha_certs_renew_etcd-peer.md => kubeadm_certs_renew_etcd-peer.md} (98%) rename content/en/docs/reference/setup-tools/kubeadm/generated/{kubeadm_alpha_certs_renew_etcd-server.md => kubeadm_certs_renew_etcd-server.md} (98%) rename content/en/docs/reference/setup-tools/kubeadm/generated/{kubeadm_alpha_certs_renew_front-proxy-client.md => kubeadm_certs_renew_front-proxy-client.md} (97%) rename content/en/docs/reference/setup-tools/kubeadm/generated/{kubeadm_alpha_certs_renew_scheduler.conf.md => kubeadm_certs_renew_scheduler.conf.md} (98%) create mode 100644 content/en/docs/reference/setup-tools/kubeadm/kubeadm-certs.md diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs.md similarity index 100% rename from content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs.md rename to content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs.md diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_certificate-key.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_certificate-key.md similarity index 95% rename from content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_certificate-key.md rename to content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_certificate-key.md index 534851d42ba7f..2de0366641d70 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_certificate-key.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_certificate-key.md 
@@ -11,7 +11,7 @@ generate and print one for you. ``` -kubeadm alpha certs certificate-key [flags] +kubeadm certs certificate-key [flags] ``` ### Options diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_check-expiration.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_check-expiration.md similarity index 97% rename from content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_check-expiration.md rename to content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_check-expiration.md index 5f51836f25a2b..50a3cb8bf29c0 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_check-expiration.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_check-expiration.md @@ -5,7 +5,7 @@ Checks expiration for the certificates in the local PKI managed by kubeadm. ``` -kubeadm alpha certs check-expiration [flags] +kubeadm certs check-expiration [flags] ``` ### Options diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_generate-csr.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_generate-csr.md similarity index 94% rename from content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_generate-csr.md rename to content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_generate-csr.md index 3e0bc4828f058..afa8374577252 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_generate-csr.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_generate-csr.md 
@@ -9,14 +9,14 @@ This command is designed for use in [Kubeadm External CA Mode](https://kubernete The PEM encoded signed certificates should then be saved alongside the key files, using ".crt" as the file extension, or in the case of kubeconfig files, the PEM encoded signed certificate should be base64 encoded and added to the kubeconfig file in the "users > user > client-certificate-data" field. ``` -kubeadm alpha certs generate-csr [flags] +kubeadm certs generate-csr [flags] ``` ### Examples ``` # The following command will generate keys and CSRs for all control-plane certificates and kubeconfig files: - kubeadm alpha certs generate-csr --kubeconfig-dir /tmp/etc-k8s --cert-dir /tmp/etc-k8s/pki + kubeadm certs generate-csr --kubeconfig-dir /tmp/etc-k8s --cert-dir /tmp/etc-k8s/pki ``` ### Options diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew.md similarity index 95% rename from content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew.md rename to content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew.md index e0bfc54c5b4e9..8b627a595d28f 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew.md @@ -5,7 +5,7 @@ This command is not meant to be run on its own. See list of available subcommands. ``` -kubeadm alpha certs renew [flags] +kubeadm certs renew [flags] ``` ### Options 
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_admin.conf.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_admin.conf.md similarity index 98% rename from content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_admin.conf.md rename to content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_admin.conf.md index 2c342c8bc6716..536164c45a7d7 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_admin.conf.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_admin.conf.md @@ -11,7 +11,7 @@ Renewal by default tries to use the certificate authority in the local PKI manag After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere. ``` -kubeadm alpha certs renew admin.conf [flags] +kubeadm certs renew admin.conf [flags] ``` ### Options diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_all.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_all.md similarity index 98% rename from content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_all.md rename to content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_all.md index 979bd4f5bc5ca..13c12ed0d0071 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_all.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_all.md @@ -5,7 +5,7 @@ Renew all known certificates necessary to run the control plane. Renewals are run unconditionally, regardless of expiration date. Renewals can also be run individually for more control. ``` -kubeadm alpha certs renew all [flags] +kubeadm certs renew all [flags] ``` ### Options 
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_apiserver-etcd-client.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_apiserver-etcd-client.md similarity index 97% rename from content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_apiserver-etcd-client.md rename to content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_apiserver-etcd-client.md index 9414ea2087cb9..fac6861a7c9dd 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_apiserver-etcd-client.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_apiserver-etcd-client.md @@ -11,7 +11,7 @@ Renewal by default tries to use the certificate authority in the local PKI manag After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere. ``` -kubeadm alpha certs renew apiserver-etcd-client [flags] +kubeadm certs renew apiserver-etcd-client [flags] ``` ### Options diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_apiserver-kubelet-client.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_apiserver-kubelet-client.md similarity index 97% rename from content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_apiserver-kubelet-client.md rename to content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_apiserver-kubelet-client.md index f945da440e176..030fb1425aeee 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_apiserver-kubelet-client.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_apiserver-kubelet-client.md 
@@ -11,7 +11,7 @@ Renewal by default tries to use the certificate authority in the local PKI manag After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere. ``` -kubeadm alpha certs renew apiserver-kubelet-client [flags] +kubeadm certs renew apiserver-kubelet-client [flags] ``` ### Options diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_apiserver.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_apiserver.md similarity index 98% rename from content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_apiserver.md rename to content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_apiserver.md index afbb0f97c4c1c..8ab01efd89c7b 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_apiserver.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_apiserver.md @@ -11,7 +11,7 @@ Renewal by default tries to use the certificate authority in the local PKI manag After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere. ``` -kubeadm alpha certs renew apiserver [flags] +kubeadm certs renew apiserver [flags] ``` ### Options diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_controller-manager.conf.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_controller-manager.conf.md similarity index 97% rename from content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_controller-manager.conf.md rename to content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_controller-manager.conf.md index 24792208313bd..10b44f7c3e8eb 100644 
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_controller-manager.conf.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_controller-manager.conf.md @@ -11,7 +11,7 @@ Renewal by default tries to use the certificate authority in the local PKI manag After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere. ``` -kubeadm alpha certs renew controller-manager.conf [flags] +kubeadm certs renew controller-manager.conf [flags] ``` ### Options diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_etcd-healthcheck-client.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_etcd-healthcheck-client.md similarity index 97% rename from content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_etcd-healthcheck-client.md rename to content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_etcd-healthcheck-client.md index 6076f031d56e4..b9ddadd6f14af 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_etcd-healthcheck-client.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_etcd-healthcheck-client.md @@ -11,7 +11,7 @@ Renewal by default tries to use the certificate authority in the local PKI manag After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere. ``` -kubeadm alpha certs renew etcd-healthcheck-client [flags] +kubeadm certs renew etcd-healthcheck-client [flags] ``` ### Options 
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_etcd-peer.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_etcd-peer.md similarity index 98% rename from content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_etcd-peer.md rename to content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_etcd-peer.md index c19189fc86e1c..3b15fa02f0533 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_etcd-peer.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_etcd-peer.md @@ -11,7 +11,7 @@ Renewal by default tries to use the certificate authority in the local PKI manag After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere. ``` -kubeadm alpha certs renew etcd-peer [flags] +kubeadm certs renew etcd-peer [flags] ``` ### Options diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_etcd-server.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_etcd-server.md similarity index 98% rename from content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_etcd-server.md rename to content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_etcd-server.md index 8ba3e0f4a80c6..82b9e43e34bc7 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_etcd-server.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_etcd-server.md 
@@ -11,7 +11,7 @@ Renewal by default tries to use the certificate authority in the local PKI manag After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere. ``` -kubeadm alpha certs renew etcd-server [flags] +kubeadm certs renew etcd-server [flags] ``` ### Options diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_front-proxy-client.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_front-proxy-client.md similarity index 97% rename from content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_front-proxy-client.md rename to content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_front-proxy-client.md index c592d5ea91c19..b1f3bc0c840fd 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_front-proxy-client.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_front-proxy-client.md @@ -11,7 +11,7 @@ Renewal by default tries to use the certificate authority in the local PKI manag After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere. ``` -kubeadm alpha certs renew front-proxy-client [flags] +kubeadm certs renew front-proxy-client [flags] ``` ### Options 
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_scheduler.conf.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_scheduler.conf.md similarity index 98% rename from content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_scheduler.conf.md rename to content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_scheduler.conf.md index 3f3b6ca76f6a6..f26fbc22b16f1 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_certs_renew_scheduler.conf.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_scheduler.conf.md @@ -11,7 +11,7 @@ Renewal by default tries to use the certificate authority in the local PKI manag After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere. ``` -kubeadm alpha certs renew scheduler.conf [flags] +kubeadm certs renew scheduler.conf [flags] ``` ### Options diff --git a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-alpha.md b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-alpha.md index 21a6e628a8716..eaef0f5140219 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-alpha.md +++ b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-alpha.md @@ -1,7 +1,4 @@ --- -reviewers: -- luxas -- jbeda title: kubeadm alpha content_type: concept weight: 90 
@@ -12,45 +9,6 @@ weight: 90 from the community. Please try it out and give us feedback! {{< /caution >}} -## kubeadm alpha certs renew {#cmd-certs-renew} - -You can renew all Kubernetes certificates using the `all` subcommand or renew them selectively. -For more details about certificate expiration and renewal see the [certificate management documentation](/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/). - -{{< tabs name="tab-certs-renew" >}} -{{< tab name="renew" include="generated/kubeadm_alpha_certs_renew.md" />}} -{{< tab name="all" include="generated/kubeadm_alpha_certs_renew_all.md" />}} -{{< tab name="admin.conf" include="generated/kubeadm_alpha_certs_renew_admin.conf.md" />}} -{{< tab name="apiserver-etcd-client" include="generated/kubeadm_alpha_certs_renew_apiserver-etcd-client.md" />}} -{{< tab name="apiserver-kubelet-client" include="generated/kubeadm_alpha_certs_renew_apiserver-kubelet-client.md" />}} -{{< tab name="apiserver" include="generated/kubeadm_alpha_certs_renew_apiserver.md" />}} -{{< tab name="controller-manager.conf" include="generated/kubeadm_alpha_certs_renew_controller-manager.conf.md" />}} -{{< tab name="etcd-healthcheck-client" include="generated/kubeadm_alpha_certs_renew_etcd-healthcheck-client.md" />}} -{{< tab name="etcd-peer" include="generated/kubeadm_alpha_certs_renew_etcd-peer.md" />}} -{{< tab name="etcd-server" include="generated/kubeadm_alpha_certs_renew_etcd-server.md" />}} -{{< tab name="front-proxy-client" include="generated/kubeadm_alpha_certs_renew_front-proxy-client.md" />}} -{{< tab name="scheduler.conf" include="generated/kubeadm_alpha_certs_renew_scheduler.conf.md" />}} -{{< /tabs >}} - -## kubeadm alpha certs certificate-key {#cmd-certs-certificate-key} - -This command can be used to generate a new control-plane certificate key. -The key can be passed as `--certificate-key` to `kubeadm init` and `kubeadm join` -to enable the automatic copy of certificates when joining additional control-plane nodes. 
- -{{< tabs name="tab-certs-certificate-key" >}} -{{< tab name="certificate-key" include="generated/kubeadm_alpha_certs_certificate-key.md" />}} -{{< /tabs >}} - -## kubeadm alpha certs check-expiration {#cmd-certs-check-expiration} - -This command checks expiration for the certificates in the local PKI managed by kubeadm. -For more details about certificate expiration and renewal see the [certificate management documentation](/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/). - -{{< tabs name="tab-certs-check-expiration" >}} -{{< tab name="check-expiration" include="generated/kubeadm_alpha_certs_check-expiration.md" />}} -{{< /tabs >}} - ## kubeadm alpha kubeconfig user {#cmd-phase-kubeconfig} The `user` subcommand can be used for the creation of kubeconfig files for additional users. diff --git a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-certs.md b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-certs.md new file mode 100644 index 0000000000000..f7c6039d90c09 --- /dev/null +++ b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-certs.md 
@@ -0,0 +1,56 @@ +--- +title: kubeadm certs +content_type: concept +weight: 90 +--- + +`kubeadm certs` provides utilities for managing certificates. +For more details on how these commands can be used, see +[Certificate Management with kubeadm](/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/). + +## kubeadm certs renew {#cmd-certs-renew} + +You can renew all Kubernetes certificates using the `all` subcommand or renew them selectively. +For more details see [Manual certificate renewal](/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/#manual-certificate-renewal). + +{{< tabs name="tab-certs-renew" >}} +{{< tab name="renew" include="generated/kubeadm_certs_renew.md" />}} +{{< tab name="all" include="generated/kubeadm_certs_renew_all.md" />}} +{{< tab name="admin.conf" include="generated/kubeadm_certs_renew_admin.conf.md" />}} +{{< tab name="apiserver-etcd-client" include="generated/kubeadm_certs_renew_apiserver-etcd-client.md" />}} +{{< tab name="apiserver-kubelet-client" include="generated/kubeadm_certs_renew_apiserver-kubelet-client.md" />}} +{{< tab name="apiserver" include="generated/kubeadm_certs_renew_apiserver.md" />}} +{{< tab name="controller-manager.conf" include="generated/kubeadm_certs_renew_controller-manager.conf.md" />}} +{{< tab name="etcd-healthcheck-client" include="generated/kubeadm_certs_renew_etcd-healthcheck-client.md" />}} +{{< tab name="etcd-peer" include="generated/kubeadm_certs_renew_etcd-peer.md" />}} +{{< tab name="etcd-server" include="generated/kubeadm_certs_renew_etcd-server.md" />}} +{{< tab name="front-proxy-client" include="generated/kubeadm_certs_renew_front-proxy-client.md" />}} +{{< tab name="scheduler.conf" include="generated/kubeadm_certs_renew_scheduler.conf.md" />}} +{{< /tabs >}} + +## kubeadm certs certificate-key {#cmd-certs-certificate-key} + +This command can be used to generate a new control-plane certificate key. 
+The key can be passed as `--certificate-key` to [`kubeadm init`](/docs/reference/setup-tools/kubeadm/kubeadm-init) +and [`kubeadm join`](/docs/reference/setup-tools/kubeadm/kubeadm-join) +to enable the automatic copy of certificates when joining additional control-plane nodes. + +{{< tabs name="tab-certs-certificate-key" >}} +{{< tab name="certificate-key" include="generated/kubeadm_certs_certificate-key.md" />}} +{{< /tabs >}} + +## kubeadm certs check-expiration {#cmd-certs-check-expiration} + +This command checks expiration for the certificates in the local PKI managed by kubeadm. +For more details see +[Check certificate expiration](/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/#check-certificate-expiration). + +{{< tabs name="tab-certs-check-expiration" >}} +{{< tab name="check-expiration" include="generated/kubeadm_certs_check-expiration.md" />}} +{{< /tabs >}} + +## {{% heading "whatsnext" %}} + +* [kubeadm init](/docs/reference/setup-tools/kubeadm/kubeadm-init/) to bootstrap a Kubernetes control-plane node +* [kubeadm join](/docs/reference/setup-tools/kubeadm/kubeadm-join/) to connect a node to the cluster +* [kubeadm reset](/docs/reference/setup-tools/kubeadm/kubeadm-reset/) to revert any changes made to this host by `kubeadm init` or `kubeadm join` diff --git a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md index 997240399e435..038d337575406 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md +++ b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md @@ -176,7 +176,7 @@ If the flag `--certificate-key` is not passed to `kubeadm init` and The following command can be used to generate a new key on demand: ```shell -kubeadm alpha certs certificate-key +kubeadm certs certificate-key ``` ### Certificate management with kubeadm 
@@ -244,7 +244,7 @@ or use a DNS name or an address of a load balancer. nodes. The key can be generated using: ```shell - kubeadm alpha certs certificate-key + kubeadm certs certificate-key ``` Once the cluster is up, you can grab the admin credentials from the control-plane node diff --git a/content/en/docs/setup/production-environment/tools/kubeadm/high-availability.md b/content/en/docs/setup/production-environment/tools/kubeadm/high-availability.md index b8c3236b73637..e387e2d41cf3a 100644 --- a/content/en/docs/setup/production-environment/tools/kubeadm/high-availability.md +++ b/content/en/docs/setup/production-environment/tools/kubeadm/high-availability.md @@ -133,10 +133,10 @@ option. Your cluster requirements may need a different configuration. ... You can now join any number of control-plane node by running the following command on each as a root: kubeadm join 192.168.0.200:6443 --token 9vr73a.a8uxyaju799qwdjv --discovery-token-ca-cert-hash sha256:7c2e69131a36ae2a042a339b33381c6d0d43887e2de83720eff5359e26aec866 --control-plane --certificate-key f8902e114ef118304e561c3ecd4d0b543adc226b7a07f675f56564185ffe0c07 - + Please note that the certificate-key gives access to cluster sensitive data, keep it secret! As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use kubeadm init phase upload-certs to reload certs afterward. - + Then you can join any number of worker nodes by running the following on each as root: kubeadm join 192.168.0.200:6443 --token 9vr73a.a8uxyaju799qwdjv --discovery-token-ca-cert-hash sha256:7c2e69131a36ae2a042a339b33381c6d0d43887e2de83720eff5359e26aec866 ``` @@ -155,7 +155,7 @@ option. Your cluster requirements may need a different configuration. To generate such a key you can use the following command: ```sh - kubeadm alpha certs certificate-key + kubeadm certs certificate-key ``` {{< note >}} 
diff --git a/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md b/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md index 02687a85f25f3..d344cca991129 100644 --- a/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md +++ b/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md @@ -52,7 +52,7 @@ setting up a cluster to use an external CA. You can use the `check-expiration` subcommand to check when certificates expire: ``` -kubeadm alpha certs check-expiration +kubeadm certs check-expiration ``` The output is similar to this: @@ -120,7 +120,7 @@ command. In that case, you should explicitly set `--certificate-renewal=true`. ## Manual certificate renewal -You can renew your certificates manually at any time with the `kubeadm alpha certs renew` command. +You can renew your certificates manually at any time with the `kubeadm certs renew` command. This command performs the renewal using CA (or front-proxy-CA) certificate and key stored in `/etc/kubernetes/pki`. @@ -129,10 +129,10 @@ If you are running an HA cluster, this command needs to be executed on all the c {{< /warning >}} {{< note >}} -`alpha certs renew` uses the existing certificates as the authoritative source for attributes (Common Name, Organization, SAN, etc.) instead of the kubeadm-config ConfigMap. It is strongly recommended to keep them both in sync. +`certs renew` uses the existing certificates as the authoritative source for attributes (Common Name, Organization, SAN, etc.) instead of the kubeadm-config ConfigMap. It is strongly recommended to keep them both in sync. {{< /note >}} -`kubeadm alpha certs renew` provides the following options: +`kubeadm certs renew` provides the following options: The Kubernetes certificates normally reach their expiration date after one year. 
@@ -170,14 +170,14 @@ controllerManager: ### Create certificate signing requests (CSR) -You can create the certificate signing requests for the Kubernetes certificates API with `kubeadm alpha certs renew --use-api`. +You can create the certificate signing requests for the Kubernetes certificates API with `kubeadm certs renew --use-api`. If you set up an external signer such as [cert-manager](https://github.com/jetstack/cert-manager), certificate signing requests (CSRs) are automatically approved. Otherwise, you must manually approve certificates with the [`kubectl certificate`](/docs/setup/best-practices/certificates/) command. The following kubeadm command outputs the name of the certificate to approve, then blocks and waits for approval to occur: ```shell -sudo kubeadm alpha certs renew apiserver --use-api & +sudo kubeadm certs renew apiserver --use-api & ``` The output is similar to this: ``` @@ -211,13 +211,13 @@ In kubeadm terms, any certificate that would normally be signed by an on-disk CA ### Create certificate signing requests (CSR) -You can create certificate signing requests with `kubeadm alpha certs renew --csr-only`. +You can create certificate signing requests with `kubeadm certs renew --csr-only`. Both the CSR and the accompanying private key are given in the output. You can pass in a directory with `--csr-dir` to output the CSRs to the specified location. If `--csr-dir` is not specified, the default certificate directory (`/etc/kubernetes/pki`) is used. -Certificates can be renewed with `kubeadm alpha certs renew --csr-only`. +Certificates can be renewed with `kubeadm certs renew --csr-only`. As with `kubeadm init`, an output directory can be specified with the `--csr-dir` flag. A CSR contains a certificate's name, domains, and IPs, but it does not specify usages.
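
Review bot: the context sentence carried by every `generated/kubeadm_certs_renew_*.md` hunk, "After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate", has no subject ("it is required") and uses "eventually" where "if needed" seems to be meant. Because these files live under `generated/`, the wording should be corrected in the kubeadm command help and the pages regenerated, not edited by hand; the GA promotion is a good moment to do that, since the restart requirement is the step operators most often miss after a renewal.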
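
Review bot: in `generated/kubeadm_certs_generate-csr.md`, the example this hunk keeps writes private keys and CSRs under `/tmp` (`--kubeconfig-dir /tmp/etc-k8s --cert-dir /tmp/etc-k8s/pki`), which is a shared location on most hosts. Since the command is becoming GA and the example will be copied verbatim, consider changing the example upstream in kubeadm to a directory that only the invoking user can read, or add a sentence next to it saying the output directory holds control-plane private keys and should be access-restricted.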
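
Review bot: the `kubeadm-alpha.md` hunks (`@@ -1,7 +1,4 @@` and `@@ -12,45 +9,6 @@`) do two things the commit message does not mention. The first drops the `reviewers:` entries `luxas` and `jbeda` from the front matter, which is unrelated to the command rename and would be easier to review as its own change. The second removes the sections that carried the anchors `#cmd-certs-renew`, `#cmd-certs-certificate-key` and `#cmd-certs-check-expiration`, so any existing link to those anchors on the alpha page will land on nothing. Since the commit message says "kubeadm alpha" stays for one more release, a short pointer on this page to the new `kubeadm-certs` reference would help readers who arrive from old links.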
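
Review bot: in the new `reference/setup-tools/kubeadm/kubeadm-certs.md` (`@@ -0,0 +1,56 @@`), three points. The front matter sets `weight: 90`, the same value `kubeadm-alpha.md` shows in its context lines, so the two pages have no defined order in the sidebar; pick a distinct weight. The links in the certificate-key section (`/docs/reference/setup-tools/kubeadm/kubeadm-init` and `.../kubeadm-join`) lack the trailing slash that the "whatsnext" links in the same file use; make them consistent. Finally, the certificate-key section explains how to generate and pass the key but says nothing about its sensitivity, while the sample output quoted in `high-availability.md` states that "the certificate-key gives access to cluster sensitive data, keep it secret!"; a caution to that effect belongs here, next to the command that generates it.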
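
Review bot: in `high-availability.md`, the first hunk (`@@ -133,10 +133,10 @@`) appears to change only whitespace on two otherwise blank lines inside the quoted `kubeadm init` output, which is unrelated to the rename. Either drop those two changes from this patch or confirm that the quoted block still matches what the binary prints, since readers compare this block against their own terminal output. The second hunk (`@@ -155,7 +155,7 @@`) is the actual rename and looks fine.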
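
Review bot: in `tasks/administer-cluster/kubeadm/kubeadm-certs.md`, the note in hunk `@@ -129,10 +129,10 @@` now begins with a bare `certs renew`, which is not a command anyone can run or search for; write `kubeadm certs renew` as the surrounding lines do. In the last hunk (`@@ -211,13 +211,13 @@`), the two edited sentences, "You can create certificate signing requests with `kubeadm certs renew --csr-only`" and "Certificates can be renewed with `kubeadm certs renew --csr-only`", say nearly the same thing a few lines apart; merge them while touching both. The context between them notes that the private key is emitted alongside the CSR and that the default output directory is `/etc/kubernetes/pki`, so it is worth one sentence telling readers who pass `--csr-dir` to keep that directory's permissions as tight as the default PKI directory.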