:sparkles: add TLS configuration flags

[tuminoid]

What this PR does / why we need it:

Add --tls-min-version, --tls-max-version and --tls-cipher-suites configuration flags. Same flags can be found in k8s, CAPI, CAPM3 etc.

This enables configuring TLS 1.3 in high security environments, or limiting TLS to 1.2 for debugging purposes as 1.3 is considerably harder to debug.

Special notes for your reviewer:

1. Please confirm that if this PR changes any image versions, then that's the sole change this PR makes. No.

TODOs:

• [x] squashed commits
• if necessary:
  • [x] includes documentation
  • [x] adds unit tests

[netlify[bot]]

✅ Deploy Preview for kubernetes-sigs-cluster-api-openstack ready!

Name	Link
🔨 Latest commit	2c8a1a62303fa7beb62a3afd559de5ee16906340
🔍 Latest deploy log	https://app.netlify.com/sites/kubernetes-sigs-cluster-api-openstack/deploys/65c387cee541bd0008b731eb
😎 Deploy Preview	https://deploy-preview-1867--kubernetes-sigs-cluster-api-openstack.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[k8s-ci-robot]

Hi @tuminoid. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

[EmilienM]

/ok-to-test

[EmilienM]

really cool work, thanks! I was wondering if we could have some doc (maybe in a separate PR) on how to setup CAPO with TLS. Unless it's already covered in some other repositories?

/lgtm

[tuminoid]

really cool work, thanks! I was wondering if we could have some doc (maybe in a separate PR) on how to setup CAPO with TLS. Unless it's already covered in some other repositories?

CAPO webhook TLS is handled by cert-manager via the kustomizations. These flags just give granular control over the TLS versions webhook server is accepting. I tried to check if flags could be added to some template (commented out by default), or any documentation, but I didn't see any of the other flags in any template or doc either. Seems there is a gap in documenting the flags in general.

[EmilienM]

/lgtm

[huxcrux]

/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: lentzi90, tuminoid

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/kubernetes-sigs/cluster-api-provider-openstack/blob/main/OWNERS)~~ [lentzi90] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment