Deprecate the SSH Tunneling functionality in API Server

As part of the effort to move in-tree cloud providers out of kubernetes
main repository, we have identified that kube apiserver should stop
using --cloud-provider and --cloud-config parameters. One of the main
users of the parameters above is the SSH Tunneling functionality which
is used only in the GCE scenarios. We need to deprecate these flags
now and remove them in a year per discussion on mailing list.

With this change, `ssh-user` and `ssh-keyfile` are now considered deprecated
and we can remove it in the future. This means that SSH tunnel functionality
used in Google Container Engine for the Master -> Cluster communication
will no longer be available in the future.

cmd/kube-apiserver/app/options/options.go

@@ -153,11 +153,15 @@ func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
 	fs.BoolVar(&s.EnableLogsHandler, "enable-logs-handler", s.EnableLogsHandler,
 		"If true, install a /logs handler for the apiserver logs.")
 
+	// Deprecated in release 1.9
 	fs.StringVar(&s.SSHUser, "ssh-user", s.SSHUser,
 		"If non-empty, use secure SSH proxy to the nodes, using this user name")
+	fs.MarkDeprecated("ssh-user", "This flag will be removed in a future version.")
 
+	// Deprecated in release 1.9
 	fs.StringVar(&s.SSHKeyfile, "ssh-keyfile", s.SSHKeyfile,
 		"If non-empty, use secure SSH proxy to the nodes, using this user keyfile")
+	fs.MarkDeprecated("ssh-keyfile", "This flag will be removed in a future version.")
 
 	fs.Int64Var(&s.MaxConnectionBytesPerSec, "max-connection-bytes-per-sec", s.MaxConnectionBytesPerSec, ""+
 		"If non-zero, throttle each user connection to this number of bytes/sec. "+