Remove nginx and replace basic auth with bearer token auth for GCE.

- Configure the apiserver to listen securely on 443 instead of 6443.
 - Configure the kubelet to connect to 443 instead of 6443.
 - Update documentation to refer to bearer tokens instead of basic auth.

cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest

@@ -44,7 +44,11 @@
 {% set cert_file = "--tls_cert_file=/srv/kubernetes/server.cert" -%}
 {% set key_file = "--tls_private_key_file=/srv/kubernetes/server.key" -%}
 
-{% set secure_port = "--secure_port=6443" -%}
+{% set secure_port = "6443" -%}
+{% if grains['cloud'] is defined and grains['cloud'] == 'gce' %}
+  {% set secure_port = "443" -%}
+{% endif -%}
+
 {% set token_auth_file = "--token_auth_file=/dev/null" -%}
 
 {% if grains.cloud is defined -%}
@@ -77,24 +81,24 @@
                  "/kube-apiserver",
                  "{{address}}",
                  "{{etcd_servers}}",
-                 "{{ cloud_provider }}",
-                 "{{ cloud_config }}",
-                 "{{ runtime_config }}",
+                 "{{cloud_provider}}",
+                 "{{cloud_config}}",
+                 "{{runtime_config}}",
                  "{{admission_control}}",
                  "--allow_privileged={{pillar['allow_privileged']}}",
                  "{{portal_net}}",
                  "{{cluster_name}}",
                  "{{cert_file}}",
                  "{{key_file}}",
-                 "{{secure_port}}",
+                 "--secure_port={{secure_port}}",
                  "{{token_auth_file}}",
                  "{{publicAddressOverride}}",
                  "{{pillar['log_level']}}"
                ],
     "ports":[
       { "name": "https",
-        "containerPort": 6443,
-        "hostPort": 6443},{
+        "containerPort": {{secure_port}},
+        "hostPort": {{secure_port}}},{
        "name": "http",
         "containerPort": 7080,
         "hostPort": 7080},{