From 5fb543a4118d38f61c598fa004ff23fc8e8ada37 Mon Sep 17 00:00:00 2001
From: SataQiu <shidaqiu2018@gmail.com>
Date: Wed, 9 Aug 2023 19:10:45 +0800
Subject: [PATCH] kubeadm: remove 'system:masters' organization from
 etcd/healthcheck-client certificate

---
 cmd/kubeadm/app/phases/certs/certlist.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/cmd/kubeadm/app/phases/certs/certlist.go b/cmd/kubeadm/app/phases/certs/certlist.go
index 33539a9fdf2..6e9710143f5 100644
--- a/cmd/kubeadm/app/phases/certs/certlist.go
+++ b/cmd/kubeadm/app/phases/certs/certlist.go
@@ -393,9 +393,8 @@ func KubeadmCertEtcdHealthcheck() *KubeadmCert {
 		CAName:   "etcd-ca",
 		config: pkiutil.CertConfig{
 			Config: certutil.Config{
-				CommonName:   kubeadmconstants.EtcdHealthcheckClientCertCommonName,
-				Organization: []string{kubeadmconstants.SystemPrivilegedGroup},
-				Usages:       []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
+				CommonName: kubeadmconstants.EtcdHealthcheckClientCertCommonName,
+				Usages:     []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
 			},
 		},
 	}