kubernetes-sigs / kubespray

Deploy a Production Ready Kubernetes Cluster
Apache License 2.0

Add functionality to pull OIDC provider CA file #11294

Open justapill opened 3 months ago

justapill commented 3 months ago

What would you like to be added

Add a pre-install task which gives the option to download a root CA file to all master nodes.

Why is this needed

Currently, a user must download the CA file for their OIDC provider separately. Adding this functionality takes that burden off the user.

I have recently discovered this while setting up OIDC on my cluster with Keycloak, which has its certificate issued from Let's Encrypt. Thankfully, Let's Encrypt hosts their root CA on a webserver: curl https://letsencrypt.org/certs/isrg-root-x2.pem

justapill commented 3 months ago

In hindsight, I've remembered that on Ubuntu, for example, root CAs are managed by the apt package ca-certificates. I think this functionality would still be appreciated for root CAs that are not included in that package.
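
The pre-install task requested above, sketched as an added example that is not part of the issue thread or of kubespray's code: it pins the downloaded CA file to a SHA-256 recorded in advance, so a file that changes in transit or at the source is never installed as a trust anchor. The variable names, the `kube_control_plane` group, the destination path and the placeholder checksum are assumptions, and `openssl` is assumed to be present on the nodes.

```yaml
# Added example: variable names, host group and paths are assumptions.
- name: Fetch and pin the OIDC provider root CA
  hosts: kube_control_plane          # assumed inventory group for the master nodes
  become: true
  vars:
    oidc_ca_url: "https://letsencrypt.org/certs/isrg-root-x2.pem"
    # Placeholder: set to the SHA-256 of the PEM file, verified out of band.
    oidc_ca_sha256: "REPLACE_WITH_VERIFIED_SHA256_OF_PEM_FILE"
    # Assumed location; point the API server's --oidc-ca-file at this path.
    oidc_ca_dest: "/etc/kubernetes/ssl/oidc-ca.pem"
  tasks:
    - name: Download the CA to a staging path, failing on checksum mismatch
      ansible.builtin.get_url:
        url: "{{ oidc_ca_url }}"
        dest: "{{ oidc_ca_dest }}.staged"
        checksum: "sha256:{{ oidc_ca_sha256 }}"
        owner: root
        group: root
        mode: "0644"

    - name: Confirm the staged file parses as a certificate and has not expired
      ansible.builtin.command:
        argv:
          - openssl
          - x509
          - "-in"
          - "{{ oidc_ca_dest }}.staged"
          - "-noout"
          - "-checkend"
          - "0"
      changed_when: false

    - name: Install the verified CA at its final path
      ansible.builtin.copy:
        src: "{{ oidc_ca_dest }}.staged"
        dest: "{{ oidc_ca_dest }}"
        remote_src: true
        owner: root
        group: root
        mode: "0644"
```

Until the placeholder is replaced with a real digest, the download task fails, which keeps an unpinned file from being installed.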

k8s-triage-robot commented 2 weeks ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale