Custom SSL certificate in kubernetes cluster on AWS using kops, authentiction failure
I think your problem is sourced in the name of the group, which in context of X509 client certs is mapped to the the certificate’s organization field (/O).
Please try to change 'admin'
group name to the built-in one: 'system:masters'