In v1.20, TokenRequest and TokenRequestProjection become GA features,
and the following flags are required by the API server:
* --service-account-issuer
* --service-account-key-file
* --service-account-signing-key-file
This change ensures that the flags are set, and that the required keys
are in the right places.
Change-Id: I6606c5b1c9ff005d1943b424e3e7ad4d20b68408
This change accomplishes 2 primary things:
1. It generalizes work to enable the EventRateLimit admission plugin.
2. It restructures the anchor so that during an upgrade an "old" anchor
does not try to coordinate the injection of "new" data from
configmaps/secrets.
It also includes these ancillary changes:
* Clean up apiserver argument specification in the chart.
* De-duplicate and realign apiserver arguments in bootstrapping templates.
It has the side effects of:
* Adding a new field, ".apiserver.arguments" to the Genesis config,
which will be the preferred way to configure bootstrapping apiservers
going forward (in lieu of command_prefix).
Change-Id: I33cfe80ee8e29cd79e479a7985e3c098a2288fda