Rename from aggregator-proxy-client to front-proxy-client to match kubeadm design. Added kubeadm support too. Changed to use variables set and not hardcode paths. Still missing cert generation for Vault

roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2

@@ -101,14 +101,14 @@ spec:
     - --feature-gates={{ kube_feature_gates|join(',') }}
 {% endif %}
 {% if kube_version | version_compare('1.9', '>=') %}
-    - --requestheader-client-ca-file=/etc/kubernetes/ssl/ca.pem
-    - --requestheader-allowed-names=system:aggregator-proxy-client
-    - "--requestheader-extra-headers-prefix=X-Remote-Extra-"
+    - --requestheader-client-ca-file={{ kube_cert_dir }}/ca.pem
+    - --requestheader-allowed-names={{ kube_api_requestheader_allowed_names }}
+    - --requestheader-extra-headers-prefix=X-Remote-Extra-
     - --requestheader-group-headers=X-Remote-Group
     - --requestheader-username-headers=X-Remote-User
-    - --enable-aggregator-routing=true
-    - --proxy-client-cert-file=/etc/kubernetes/ssl/aggregator-proxy-client.pem
-    - --proxy-client-key-file=/etc/kubernetes/ssl/aggregator-proxy-client-key.pem
+    - --enable-aggregator-routing={{ kube_api_aggregator_routing }}
+    - --proxy-client-cert-file={{ kube_cert_dir }}/front-proxy-client.pem
+    - --proxy-client-key-file={{ kube_cert_dir }}/front-proxy-client-key.pem
 {% endif %}
 {% if apiserver_custom_flags is string %}
     - {{ apiserver_custom_flags }}