Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
kubeadm: change SystemPrivilegedGroup in apiserve-kubelet-client.crt
The component connection between kube-apiserver and kubelet does not require the "O" field on the Subject to be set to the "system:masters" privileged group. It can be a less privileged group like "kubeadm:cluster-admins". Change the group in the apiserve-kubelet-client certificate specification. This cert is passed to --kubelet-client-certificate.
- Loading branch information