Kubernetes includes a stock "system:masters" group that have full access to cluster resources:
https://kubernetes.io/docs/reference/access-authn-authz/rbac/

kubeadm binds its administrator account to this group:
https://github.com/kubernetes/kubernetes/blob/e45b8bfe0f45c276537bb8e927b2ae5af8466590/cmd/kubeadm/app/constants/constants.go#L168

this ticket is created with the assumption that the group name will be changed at some point (based on the efforts by wg-naming), potentially by introducing a new group that has the same level of access and deprecating the old group.

on the side of kubeadm we'd have to track this effort and adapt kubeadm to handle the introduction of the new group.

k/k issue: (NONE exists yet?)
plan: TODO