If you are looking for the way to add an option key to kube-apiserver pod on existing cluster, you just need to edit file /etc/kubernetes/manifests/kube-apiserver.yaml on master node.

After saving this file, kube-apiserver pod will be restarted by kubelet service automatically.

Considering that flag you've mentioned has to have name of the configuration file as parameter, ensure the file exists on the master node file system.

--authentication-token-webhook-config-file string
File with webhook configuration for token authentication in kubeconfig format. The API server will query the remote service to determine authentication for bearer tokens.

The directory for the manifests is defined by kubelet option --pod-manifest-path and can be found using command:

$ ps aux | grep kubelet

You can find more information about life cycle of such pods in Kubernetes documentation