Added Support for OpenID Connect Authentication

To use OpenID Connect Authentication beside deploying an OpenID Connect
Identity Provider it is necesarry to pass additional arguments to the Kube API Server.
These required arguments were added to the kube apiserver manifest.

roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2

@@ -39,6 +39,19 @@ spec:
     - --tls-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
     - --token-auth-file={{ kube_token_dir }}/known_tokens.csv
     - --service-account-key-file={{ kube_cert_dir }}/apiserver-key.pem
+{% if kube_oidc_auth|default(false) and kube_oidc_url is defined and kube_oidc_client_id is defined %}
+    - --oidc-issuer-url={{ kube_oidc_url }}
+    - --oidc-client-id={{ kube_oidc_client_id }}
+{%   if kube_oidc_ca_file is defined %}
+    - --oidc-ca-file={{ kube_oidc_ca_file }}
+{%   endif %}
+{%   if kube_oidc_username_claim is defined %}
+    - --oidc-username-claim={{ kube_oidc_username_claim }}
+{%   endif %}
+{%   if kube_oidc_groups_claim is defined %}
+    - --oidc-groups-claim={{ kube_oidc_groups_claim }}
+{%   endif %}
+{% endif %}
     - --secure-port={{ kube_apiserver_port }}
     - --insecure-port={{ kube_apiserver_insecure_port }}
     - --storage-backend={{ kube_apiserver_storage_backend }}