Merge pull request #40760 from mikedanese/gce

Automatic merge from submit-queue (batch tested with PRs 40760, 46706, 46783, 46742, 46751)

enable kubelet csr bootstrap in GCE/GKE

@jcbsmpsn @pipejakob 

Fixes https://github.com/kubernetes/kubernetes/issues/31168

```release-note
Enable kubelet csr bootstrap in GCE/GKE
```

cluster/saltbase/salt/kubelet/default

@@ -38,6 +38,10 @@
   {% endif -%}
 {% endif -%}
 
+{% if grains.cloud == 'gce' -%}
+  {% set api_servers = "--experimental-bootstrap-kubeconfig=/var/lib/kubelet/bootstrap-kubeconfig --require-kubeconfig --kubeconfig=/var/lib/kubelet/kubeconfig" -%}
+{% endif -%}
+
 {% set cloud_provider = "" -%}
 {% if grains.cloud is defined and grains.cloud not in ['vagrant', 'photon-controller', 'azure-legacy'] -%}
   {% set cloud_provider = "--cloud-provider=" + grains.cloud -%}

cluster/saltbase/salt/kubelet/init.sls

@@ -23,9 +23,9 @@
 # won't be able to parse it as JSON and it will not be able to publish events
 # to the apiserver. You'll see a single error line in the kubelet start up file
 # about this.
-/var/lib/kubelet/kubeconfig:
+/var/lib/kubelet/bootstrap-kubeconfig:
   file.managed:
-    - source: salt://kubelet/kubeconfig
+    - source: salt://kubelet/bootstrap-kubeconfig
     - user: root
     - group: root
     - mode: 400
@@ -60,7 +60,7 @@ fix-service-kubelet:
       - file: /usr/local/bin/kubelet
       - file: {{ pillar.get('systemd_system_path') }}/kubelet.service
       - file: {{ environment_file }}
-      - file: /var/lib/kubelet/kubeconfig
+      - file: /var/lib/kubelet/bootstrap-kubeconfig
 {% if grains.cloud != 'gce' %}
       - file: /var/lib/kubelet/ca.crt
 {% endif %}
@@ -90,7 +90,7 @@ kubelet:
       - file: /usr/lib/systemd/system/kubelet.service
 {% endif %}
       - file: {{ environment_file }}
-      - file: /var/lib/kubelet/kubeconfig
+      - file: /var/lib/kubelet/bootstrap-kubeconfig
 {% if grains.cloud != 'gce' %}
       - file: /var/lib/kubelet/ca.crt
 {% endif %}