Worker did not receive kubelet-auth-flags post upgrade

[chuckbutler]

X509 errors have been cropping up ever since i upgraded to 1.5.3. This appears related to the PR that landed authentication on the kubelet daemon, where flags were added but it doesn't appear the defaults file was updated with these new flags.

To test, deploy 1.5.x then upgrade to 1.5.3

Issue any kubectl command that is going to require the master to talk to the worker, such as kubectl logs on a pod.

x509: certificate signed by unknown authority

$ cat /etc/default/kubelet
# kubernetes kubelet (node) config

# The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
KUBELET_ADDRESS="--address=0.0.0.0"

# The port for the info server to serve on
KUBELET_PORT="--port=10250"

# You may leave this blank to use the actual hostname. If you override this
# reachability problems become your own issue.
# KUBELET_HOSTNAME="--hostname-override=kubernetes-worker-1"

# Add your own!
KUBELET_ARGS="--cluster-dns=10.152.183.10 --require-kubeconfig --kubeconfig=/srv/kubernetes/config --cluster-domain=cluster.local --network-plugin=cni"

It looks like the --tls* flags from https://github.com/kubernetes/kubernetes/pull/41919/files#diff-bdfd6f6b79f7f3171e9f0167164a7c98R340 didnt' quite make the upgrade.