I lost my kubelet PKI certs on my controller -- recover from disaster?

I have accidentally deleted /var/lib/k0s/kubelet/pki and now my controller is in a dead state. I can access the kube-api but the kubelet seems dead indeed. I have been able to recover the worker in some sense but the controller is not going to work. I wonder what should I do to recover a correct /var/lib/k0s/kubelet/pki without deleting the controller node because it runs Rook and Ceph and I cannot afford to lose it

Which k0s version are you running?

Note: We cannot fully replicate you env & current situation, thus the recommendations might not be 100% accurate

Note2: If possible, take backups on the data at Rook/Ceph storage before doing anythng else

Deleting /var/lib/k0s/kubelet/pki essentially deletes kubelet auth certs which it uses to connect to the API. In the logs you probably see kubelet trying to come up but fails to load the certs.

In my test env I was able to overcome this by deleting also /var/lib/k0s/kubelet.conf which references the certs in .../pki/ dir. After I deleted the file kubelet came up properly and everything was running smoothly. Of course, I did not have Rook/Ceph running there but at least all the usual pods was kept running without restarts.