Hi. After approving a CSR with kubectl, by checking the YAML output of the CSR I notice that k8s is adding the system:masters and system:authenticated groups by default.
spec:
  groups:
  - system:masters
  - system:authenticated
I think the system:authenticated group is ok, but I need to limit user permissions.
Why is this happening and how can I prevent it?
Will using “kubectl edit csr” to delete the “system:masters” group solve the security issue?