Check whether static cert is already configured in UpdateTransportConfig

- Also update test-cmd.sh to pass a signing ca to the kube controller
  manager, so CSRs work properly in integration tests.

Signed-off-by: Margo Crawford <margaretc@vmware.com>

hack/make-rules/test-cmd.sh

@@ -80,7 +80,7 @@ function run_kube_apiserver() {
     --storage-media-type="${KUBE_TEST_API_STORAGE_TYPE-}" \
     --cert-dir="${TMPDIR:-/tmp/}" \
     --service-cluster-ip-range="10.0.0.0/24" \
-    --client-ca-file=hack/testdata/ca.crt \
+    --client-ca-file=hack/testdata/ca/ca.crt \
     --token-auth-file=hack/testdata/auth-tokens.csv 1>&2 &
   export APISERVER_PID=$!
 
@@ -121,6 +121,8 @@ EOF
   kube::log::status "Starting controller-manager"
   "${KUBE_OUTPUT_HOSTBIN}/kube-controller-manager" \
     --kube-api-content-type="${KUBE_TEST_API_TYPE-}" \
+    --cluster-signing-cert-file=hack/testdata/ca/ca.crt \
+    --cluster-signing-key-file=hack/testdata/ca/ca.key \
     --kubeconfig="${config}" 1>&2 &
   export CTLRMGR_PID=$!