Merge pull request #52196 from luxas/kubeadm_enable_rotation

Automatic merge from submit-queue (batch tested with PRs 52007, 52196, 52169, 52263, 52291)

kubeadm: Enable certificate rotation

**What this PR does / why we need it**:

Enables cert rotation as planned for the v1.8 cycle in https://github.com/kubernetes/kubeadm/issues/386
Can now be done as everything's in place in the code now that beta.1 is released with all the necessary features (Kubelet clientcert rotation now beta, woot!)

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

fixes: https://github.com/kubernetes/kubeadm/issues/386

**Special notes for your reviewer**:

This file does _ONLY_ affect the kubeadm e2e CI.
What will actually end up in the debs/rpms is going into kubernetes/release right before v1.8 is released (due to how those scripts work, not optimal :/ )

**Release note**:

```release-note
kubeadm: Enable kubelet client certificate rotation
```
@kubernetes/sig-cluster-lifecycle-pr-reviews @kubernetes/sig-auth-pr-reviews

build/debs/kubeadm-10.conf

@@ -5,5 +5,6 @@ Environment="KUBELET_NETWORK_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/n
 Environment="KUBELET_DNS_ARGS=--cluster-dns=10.96.0.10 --cluster-domain=cluster.local"
 Environment="KUBELET_AUTHZ_ARGS=--authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.crt"
 Environment="KUBELET_CADVISOR_ARGS=--cadvisor-port=0"
+Environment="KUBELET_CERTIFICATE_ARGS=--rotate-certificates=true"
 ExecStart=
-ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_EXTRA_ARGS
+ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_EXTRA_ARGS