Merge pull request #120521 from SataQiu/clean-kubeadm-20230908

kubeadm: remove 'system:masters' organization from apiserver-etcd-client certificate
2025-07-29 06:27:05 +00:00 · 2023-09-08 05:26:25 -07:00 · 2023-09-08 05:26:25 -07:00 · 4c0d37e767
commit 4c0d37e767
parent 4c43a25e6a 3e2bad02dc
1 changed files with 2 additions and 3 deletions
--- a/cmd/kubeadm/app/phases/certs/certlist.go
+++ b/cmd/kubeadm/app/phases/certs/certlist.go
@ -409,9 +409,8 @@ func KubeadmCertEtcdAPIClient() *KubeadmCert {
 		CAName:   "etcd-ca",
 		config: pkiutil.CertConfig{
 			Config: certutil.Config{
-				CommonName:   kubeadmconstants.APIServerEtcdClientCertCommonName,
-				Organization: []string{kubeadmconstants.SystemPrivilegedGroup},
-				Usages:       []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
+				CommonName: kubeadmconstants.APIServerEtcdClientCertCommonName,
+				Usages:     []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
 			},
 		},
 	}