Replace TLS_MIN_VERSION & TLS_CIPHERS env vars with flags

[ormergi]

What this PR does / why we need it:
Resolve TLS related env vars part of #606

Special notes for your reviewer:

• This PR also set the project default minimal TLS version explicitly though the introduced min-tls-version to TLS 1.3.
• Previously the min TLS version default was set via the release manifest; setting TLS_VERSION env var to VersioTLS13, this is not longer needed as flags support default values.

Release note:

`TLS_MIN_VERSION` and `TLS_CIPHERS` environment variables are obsolete and replaced by the flags `tls-min-verison` and 'tls-cipher-suites' (respectively).
- Default value for `min-tls-verison` is `VertsionTLS13` (TLS 1.3).
- When min-tls-verison=VertsionTLS13 tls-cipher-suites is ignored, and TLS ciphers will be selected by the runtime.

[kubevirt-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign ramlavi for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the application's TLS configuration by transitioning from environment variables to command-line flags for specifying the minimum TLS version and cipher suites. This change provides a more robust and explicit method for managing these security-critical settings, improving configurability and maintainability. Additionally, it standardizes the default minimum TLS version to TLS 1.3, bolstering the application's security posture.

Highlights

• Configuration Management: Replaced the use of TLS_MIN_VERSION and TLS_CIPHERS environment variables with new command-line flags: tls-min-version and tls-cipher-suites.
• Default TLS Version: Explicitly set the default minimum TLS version to TLS 1.3 via the new tls-min-version flag, aligning with modern security best practices.
• Manifest Clean-up: Removed the TLS_MIN_VERSION environment variable from various Kubernetes manifest files (config/default/manager/manager.yaml, config/release/kubemacpool.yaml, config/test/kubemacpool.yaml) as it is no longer needed.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request replaces the TLS_MIN_VERSION and TLS_CIPHERS environment variables with command-line flags, which is a good improvement for configuration management. The changes are applied consistently across the Go code and Kubernetes manifests. I've found a minor issue in the help text for the new tls-cipher-suites flag where missing spaces would lead to a garbled message.

[RamLavi]

Hey, thanks! only small changes

[RamLavi]

there is a typo in the flag description which could be confusing: please change min-tls-version --> tls-min-version

[RamLavi]

nit: . (with space)-->. (without)