Fix WAD user cannot access k8s API by oidc

Currently when oidc-auth-apps is applied and oidc service
parameters are applied, kube-apiserver's oidc_issuer_url points
to cluster host floating IP instead of the OAM floating IP. This
causes a mismatch between the oidc issuer that kube-apiserver is
configured with and the actual oidc issuer's IP address. The user
can no longer access the k8s API even with a valid token.

The issue is introduced by a sed substitution in
kube-apiserver-change-params.erb where it replaces all the OAM IPs
with kube-apiserver's advertise address, including oidc-issuer-url.
This fixes it by excluding oidc-issuer-url from the substitution.

Test Plan for CentOS and Debian:
PASS: oidc service parameters apply, helm overrides update and
      oidc-auth-apps apply
PASS: run oidc-auth cli to get a token
PASS: use the token to access k8s API by kubectl

Closes-Bug: 1971500
Closes-Bug: 1979006
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Change-Id: I19d434c6322b4423d2e5b1732ff8af3f486b73f2
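The substitution the commit message describes, reproduced on a constructed kube-apiserver manifest fragment. This is an added example, not code from the commit or from the project: the IP addresses, the port and the `/dex` path are made up, and `old_substitution`/`new_substitution` are hypothetical names wrapping the pre-fix and post-fix sed commands so the effect on the `--oidc-issuer-url` line can be checked.

```shell
#!/bin/sh
# Added example: show why a blanket IP substitution breaks the OIDC issuer
# URL, and how a line-based exclusion preserves it. All values constructed.
OAM_IP="10.10.10.2"          # constructed: OAM floating IP (also the issuer host)
ADVERTISE_IP="192.168.204.2" # constructed: cluster host floating IP

# A few lines in the shape of a kubeadm-generated static pod manifest.
make_manifest() {
  cat <<EOF
    - --advertise-address=${OAM_IP}
    - --oidc-issuer-url=https://${OAM_IP}:30556/dex
    - --secure-port=6443
EOF
}

# Pre-fix behaviour: every occurrence of the OAM IP is rewritten,
# including the one inside the issuer URL.
old_substitution() {
  make_manifest | sed "s/$OAM_IP/$ADVERTISE_IP/g"
}

# Post-fix behaviour: lines matching oidc-issuer-url are skipped
# (the "/pattern/!" address negation), everything else is rewritten.
new_substitution() {
  make_manifest | sed "/oidc-issuer-url/! s/$OAM_IP/$ADVERTISE_IP/g"
}

# Extract the issuer URL the manifest ends up with, for comparison.
issuer_after_old() { old_substitution | grep 'oidc-issuer-url' | cut -d= -f2-; }
issuer_after_new() { new_substitution | grep 'oidc-issuer-url' | cut -d= -f2-; }

# Stand-alone run: print both results side by side.
echo "old: $(issuer_after_old)"
echo "new: $(issuer_after_new)"
```

With the old command the issuer becomes `https://192.168.204.2:30556/dex`, which no longer matches the issuer claim in tokens minted by the OIDC provider on the OAM address, so kube-apiserver rejects them; with the exclusion the issuer URL keeps the OAM IP while `--advertise-address` is still rewritten.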
Andy Ning
2022-06-16 15:52:49 -04:00
parent 82371a775c
commit f6a29166ec


@@ -47,6 +47,6 @@ kubectl --kubeconfig=/etc/kubernetes/admin.conf -n kube-system patch configmap k
kubectl --kubeconfig=/etc/kubernetes/admin.conf get cm -n kube-system kubeadm-config -o=jsonpath='{.data.ClusterConfiguration}' > <%= @configmap_temp_file %>
kubeadm init phase control-plane apiserver --config <%= @configmap_temp_file %>
DEFAULT_NETWORK_INTERFACE=$(grep 'advertise-address=' /etc/kubernetes/manifests/kube-apiserver.yaml | cut -d "=" -f2)
sed -i "s/$DEFAULT_NETWORK_INTERFACE/$APISERVER_ADVERTISE_ADDRESS/g" /etc/kubernetes/manifests/kube-apiserver.yaml
sed -i "/oidc-issuer-url/! s/$DEFAULT_NETWORK_INTERFACE/$APISERVER_ADVERTISE_ADDRESS/g" /etc/kubernetes/manifests/kube-apiserver.yaml
rm <%= @configmap_temp_file %>
rm <%= @configview_temp_file %>
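Review bot: the new `/oidc-issuer-url/!` address correctly limits the replacement to lines that do not carry the issuer flag, but `$DEFAULT_NETWORK_INTERFACE` is still interpolated into the `s///` pattern unescaped, so each `.` in the IP matches any character; the same was true before this change, but since the line is being touched it is worth escaping the dots (or matching on `=$DEFAULT_NETWORK_INTERFACE` with an anchor) so that, for example, `10.10.10.2` cannot also match `10x10x10x2` in some unrelated value. Two smaller points: the exclusion is line-based, so it relies on the manifest keeping one flag per line as kubeadm writes it, and the variable name `DEFAULT_NETWORK_INTERFACE` holds an IP address rather than an interface name, which is confusing in a script that now has address-specific logic.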