Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
certificates.md: add note about system:masters in apiserver cert
The kube-apiserver flag --kubelet-client-certificate accepts a client certificate (kube-apiserver-kubelet-client.crt) to connect to the kubelet. There is no need for this certificate to have "system:masters" as "O" in the Subject, instead it can be a less privileged group like kubeadm's "kubeadm:cluster-admins".
- Loading branch information