In order to provide personalized access to our internal Kubernetes cluster, bootstrapped by Kubeadm, I've installed DEX, DEX K8S Authenticator, configured LDAP connector and only thing left is to make Kubernetes trust DEX OpenID Connect provider. According to documentation, several arguments (like oidc-issuer-url and oidc-client-id) have to be added to Kubernetes API command line, but seems that API isn't configurable at all after cluster installation:

• kubeadm init is intended to bootstrap a new cluster and I suppose I can destroy an existing cluster using it
• static pod definition /etc/kubernetes/manifests/kube-apiserver.yaml is not supported anymore, because, as reported here (and I confirm that), API pod stops after modifying it and cluster become unresponsive until I undo all changes.
• I also tried to edit API pod definition directly, via kubectl edit pod, but Kubernetes rejected this change because only limited set of fields could be changed this way.

Does anyone know how to adjust API server configuration safely or reinstalling the cluster is the must to append just a plenty of arguments to API command line?