Comment 2 for bug 1971500

OpenStack Infra (hudson-openstack) wrote : Fix merged to stx-puppet (master)

Reviewed: https://review.opendev.org/c/starlingx/stx-puppet/+/846237
Committed: https://opendev.org/starlingx/stx-puppet/commit/f6a29166ec00bd1a94459d838fa3f9f7117bf6f0
Submitter: "Zuul (22348)"
Branch: master

commit f6a29166ec00bd1a94459d838fa3f9f7117bf6f0
Author: Andy Ning <email address hidden>
Date: Thu Jun 16 15:52:49 2022 -0400

    Fix WAD user cannot access k8s API by oidc

    Currently when oidc-auth-apps is applied and oidc service
    parameters are applied, kube-apiserver's oidc_issuer_url points
    to cluster host floating IP instead of the OAM floating IP. This
    causes a mismatch between the oidc issuer that kube-apiserver is
    configured with and the actual oidc issuer's IP address. Users can
    no longer access k8s API even with a valid token.

    The issue is introduced by a sed substitution in
    kube-apiserver-change-params.erb where it replaces all the OAM IPs
    with kube-apiserver's advertise address, including oidc-issuer-url.
    This fixes it by excluding oidc-issuer-url from the substitution.

    Test Plan for CentOS and Debian:
    PASS: oidc service parameters apply, helm overrides update and
          oidc-auth-apps apply
    PASS: run oidc-auth cli to get a token
    PASS: use the token to access k8s API by kubectl

    Closes-Bug: 1971500
    Closes-Bug: 1979006
    Signed-off-by: Andy Ning <email address hidden>
    Change-Id: I19d434c6322b4423d2e5b1732ff8af3f486b73f2
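
The substitution problem described in the commit message above, shown as an added shell example that is not the stx-puppet code: a blanket IP rewrite also changes `--oidc-issuer-url`, while an address-guarded `sed` leaves that line alone. The IP addresses, port, path, client id, function names and the `sed` expressions themselves are constructed assumptions, since the page does not show the template's contents.

```shell
#!/bin/sh
# Added illustration; values and sed expressions are constructed, not taken
# from kube-apiserver-change-params.erb.
OAM_IP="10.10.10.2"            # constructed OAM floating IP
ADVERTISE_IP="192.168.206.1"   # constructed advertise address

# Constructed excerpt of kube-apiserver arguments before the rewrite.
sample_args() {
    cat <<'EOF'
    - --advertise-address=10.10.10.2
    - --oidc-issuer-url=https://10.10.10.2:30556/dex
    - --oidc-client-id=stx-oidc-client-app
EOF
}

# Escape dots so an IPv4 literal is matched exactly, not as a regex wildcard.
escape_dots() {
    printf '%s' "$1" | sed 's/\./\\./g'
}

# Behaviour the commit message describes as the bug: every occurrence of the
# OAM IP is replaced, including the one inside the issuer URL.
rewrite_all() {
    sed "s/$(escape_dots "$1")/$2/g"
}

# Behaviour the commit message describes as the fix: lines that carry
# oidc-issuer-url are excluded from the substitution.
rewrite_except_issuer() {
    sed "/oidc-issuer-url/!s/$(escape_dots "$1")/$2/g"
}

# Extract the host part of the configured issuer URL for comparison against
# the address the OIDC issuer is really served on.
issuer_host() {
    sed -n 's|.*--oidc-issuer-url=https://\([^:/]*\).*|\1|p'
}

echo "issuer host after blanket rewrite: $(sample_args | rewrite_all "$OAM_IP" "$ADVERTISE_IP" | issuer_host)"
echo "issuer host after guarded rewrite: $(sample_args | rewrite_except_issuer "$OAM_IP" "$ADVERTISE_IP" | issuer_host)"
```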