support TLS configuration for LWS

[Mostafahassen1]

What type of PR is this?

/kind feature
/kind api-change

What this PR does / why we need it

This PR introduces TLS support for the LWS webhook server, allowing secure communication by specifying minimum TLS versions and cipher suites.

Changes included in this PR:

1. Added TLSOptions to api/config/v1alpha1/configuration_types.go and regenerated deepcopy methods.
2. Created pkg/config/tls.go to handle parsing and created validateTLSOptions in pkg/config/validation.go.
3. Refactored the webhook initialization logic by moving it out of addTo() and into a new exported function AddWebhookSettingsTo in pkg/config/config.go to prevent configuration conflicts.
4. Updated cmd/main.go to parse the TLS options and properly wire them to the new AddWebhookSettingsTo function.
5. Added the tls: stanza to the controller manager config.

Which issue(s) this PR fixes

Fixes #[#723]

Special notes for your reviewer

• I followed the same architectural pattern used in Kueue for TLS wiring to ensure consistency.
• Note on testing: All unit tests passed (make test). During local E2E testing (make test-e2e),
• I noticed that two end-to-end tests are failing. Could you give me a hint on whether I am on the right track?

[netlify]

✅ Deploy Preview for kubernetes-sigs-lws canceled.

Name	Link
🔨 Latest commit	2adea54
🔍 Latest deploy log	https://app.netlify.com/projects/kubernetes-sigs-lws/deploys/69bd5c2d40199a0008e93e86

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Mostafahassen1
Once this PR has been reviewed and has the lgtm label, please assign kerthcet for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

Hi @Mostafahassen1. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[Mostafahassen1]

/cc @kannon92 , @ardaguclu

[kannon92]

Looks good at a high level. I think there are a few changes that need to be removed.

[kannon92]

This seems like it's not needed.

[Mostafahassen1]

Done

[kannon92]

Can you revert this?

[Mostafahassen1]

Done

[Edwinhr716]

/ok-to-test

[k8s-ci-robot]

@Mostafahassen1: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-lws-test-unit-main	2adea54	link	true	/test pull-lws-test-unit-main

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[Mostafahassen1]

Hi @Edwinhr716 @kannon92

Thank you for triggering the tests! I noticed that the pull-lws-test-unit-main job is failing.

I looked into the test logs, and the failures are occurring in pkg/config/config_test.go (specifically the TestLoad cases). This is happening because my refactor moves the webhook initialization out of the Load path and into the new AddWebhookSettingsTo function. As a result, the TestLoad assertions are failing because they expect the WebhookServer to be populated, but it is now returning nil.

I want to make sure I follow the best practices for this project. Could you advise on your preferred approach to fix this?