Kubelet csr approver (#9877)

* chore(helm-apps): fix README example

README shows a non-working example according to the specs for this role.

* Add support for kubelet-csr-approver

Co-Authored-By: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* Add tests for kubelet-csr-approver

Co-Authored-By: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* Add Documentation for Kubelet CSR Approver

Co-Authored-By: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

---------

Co-authored-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

docs/vars.md

@@ -199,9 +199,9 @@ Stack](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/dns-stack.m
 
 * *kubelet_rotate_server_certificates* - Auto rotate the kubelet server certificates by requesting new certificates
   from the kube-apiserver when the certificate expiration approaches.
-  **Note** that server certificates are **not** approved automatically. Approve them manually
-  (`kubectl get csr`, `kubectl certificate approve`) or implement custom approving controller like
-  [kubelet-rubber-stamp](https://github.com/kontena/kubelet-rubber-stamp).
+  Note that enabling this also activates *kubelet_csr_approver* which approves automatically the CSRs.
+  To customize its behavior, you can override the Helm values via *kubelet_csr_approver_values*.
+  See [kubelet-csr-approver](https://github.com/postfinance/kubelet-csr-approver) for more information.
 
 * *kubelet_streaming_connection_idle_timeout* - Set the maximum time a streaming connection can be idle before the connection is automatically closed.