I have one doubt , regarding “The Admin Client Certificate” , which I found while watching the series “Install Kubernetes the Hard Way” .
As per https://github.com/mmumshad/kubernetes-the-hard-way/blob/master/docs/04-certificate-authority.md
while creating admin clinet certificate CSR we are doing it through below
openssl req -new -key admin.key -subj “/CN=admin/O=system:masters” -out admin.csr
as per my understanding CN is Common Name ( host name / computer name) & O as Organization . but what is system:masters here , which mention as Organization .
Also I found the note as below
Note: that the admin user is part of the system:masters group. This is how we are able to perform any administrative operations on Kubernetes cluster using kubectl utility.
so my question is how to create system:masters groups . or how to check all these system groups , are we binding this group with ClusterRole / ClusterRoleBinding anywhere ? what are other roles there on the system ? also while crating CSR request how we are making the user part of the system:master role by only mentioning it in O paramter .
Could you please give me a clear concept on this , or do you have any video tutorial explaining this ?