From 3e2bad02dcf709b137cd37993cbe9f959be3c92c Mon Sep 17 00:00:00 2001
From: SataQiu <shidaqiu2018@gmail.com>
Date: Fri, 8 Sep 2023 15:01:00 +0800
Subject: [PATCH] kubeadm: remove 'system:masters' organization from
 apiserver-etcd-client certificate

---
 cmd/kubeadm/app/phases/certs/certlist.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/cmd/kubeadm/app/phases/certs/certlist.go b/cmd/kubeadm/app/phases/certs/certlist.go
index 6e9710143f5..177d8224123 100644
--- a/cmd/kubeadm/app/phases/certs/certlist.go
+++ b/cmd/kubeadm/app/phases/certs/certlist.go
@@ -409,9 +409,8 @@ func KubeadmCertEtcdAPIClient() *KubeadmCert {
 		CAName:   "etcd-ca",
 		config: pkiutil.CertConfig{
 			Config: certutil.Config{
-				CommonName:   kubeadmconstants.APIServerEtcdClientCertCommonName,
-				Organization: []string{kubeadmconstants.SystemPrivilegedGroup},
-				Usages:       []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
+				CommonName: kubeadmconstants.APIServerEtcdClientCertCommonName,
+				Usages:     []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
 			},
 		},
 	}