Add HA/LB endpoints for kube-apiserver

* Add auto-evaluated internal endpoints and clarify the loadbalancer_apiserver
vars and usecases.
* Add loadbalancer_apiserver_localhost (default false). If enabled, override
the external LB and expect localhost:443/8080 to be new internal only frontends.
* Add kube_apiserver_multiaccess to ignore loadbalancers, and make clients
to access the apiservers as a comma-separated list of access_ip/ip/ansible ip
(a default mode). When disabled, allow clients to use the given loadbalancers.
* Define connections security mode for kube controllers, schedulers, proxies.
It is insecure be default, which is the current deployment choice.
* Rework the groups['kube-master'][0] hardcode defining the apiserver
endpoints.
* Improve grouping of vars and add facts for kube_apiserver.
* Define kube_apiserver_insecure_bind_address as a fact, add more
facts for ease of use.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>

roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2

@@ -11,7 +11,11 @@ spec:
     command:
     - /hyperkube
     - controller-manager
-    - --master=http://127.0.0.1:{{kube_apiserver_insecure_port}}
+{% if kube_controller_insecure %}
+    - --master={{ kube_apiserver_insecure_endpoint }}
+{% else %}
+    - --master={{ kube_apiserver_endpoint }}
+{% endif %}
     - --leader-elect=true
     - --service-account-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
     - --root-ca-file={{ kube_cert_dir }}/ca.pem

roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2

@@ -12,7 +12,11 @@ spec:
     - /hyperkube
     - scheduler
     - --leader-elect=true
-    - --master=http://127.0.0.1:{{kube_apiserver_insecure_port}}
+{% if kube_scheduler_insecure %}
+    - --master={{ kube_apiserver_insecure_endpoint }}
+{% else %}
+    - --master={{ kube_apiserver_endpoint }}
+{% endif %}
     - --v={{ kube_log_level | default('2') }}
     livenessProbe:
       httpGet: