Describe the solution you'd like
The ciphers exposed on rke2 9345/tcp are as follows:
```
TLSv1.2 (server order -- server prioritizes ChaCha ciphers when preferred by clients)
 xc02b   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256        ECDH 521   AESGCM      128   ECDHE-ECDSA-AES128-GCM-SHA256
 xc02c   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384        ECDH 521   AESGCM      256   ECDHE-ECDSA-AES256-GCM-SHA384
 xcca9   TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256  ECDH 521   ChaCha20    256   ECDHE-ECDSA-CHACHA20-POLY1305
TLSv1.3 (no server order, thus listed by strength)
 x1302   TLS_AES_256_GCM_SHA384                         ECDH 253   AESGCM      256   TLS_AES_256_GCM_SHA384
 x1303   TLS_CHACHA20_POLY1305_SHA256                   ECDH 253   ChaCha20    256   TLS_CHACHA20_POLY1305_SHA256
 x1301   TLS_AES_128_GCM_SHA256                         ECDH 253   AESGCM      128   TLS_AES_128_GCM_SHA256
```
Due to internal security policy, only certain ciphers are permitted. As such I would need the ability to disable TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.2.
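This is controlled by the `tls-cipher-suites` arguments to both kube-apiserver and kubelet. You can configure those arguments with the standard rke2 `config.yaml`. For example:

```yaml
kubelet-arg:
  - "tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"
kube-apiserver-arg:
  # same list as kubelet-arg above
  - "tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"
```

It's a comma-separated list of ciphers you want to support.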
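The example list in the reply above still contains `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, the suite the issue wants disabled. The following is an added example, not code from this issue or from the rke2 project: it drops that suite from the list and confirms the effect with an in-memory TLS 1.2 handshake in Go's `crypto/tls`, whose suite names the Kubernetes flag uses. The function names `suiteIDs` and `accepts`, the throwaway certificate and the in-memory server standing in for a real listener are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"strings"
	"time"
)
const answerValue = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305" // list from the reply
const denied = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" // suite the issue wants disabled

// suiteIDs resolves a comma-separated list to Go suite IDs, skipping deny; short CHACHA20 names get Go's _SHA256 suffix.
func suiteIDs(value, deny string) (ids []uint16, err error) {
	for _, name := range strings.Split(strings.ReplaceAll(value, " ", ""), ",") {
		found := name == deny
		for _, s := range tls.CipherSuites() {
			if name != deny && (s.Name == name || (strings.HasSuffix(name, "_CHACHA20_POLY1305") && s.Name == name+"_SHA256")) {
				ids, found = append(ids, s.ID), true
			}
		}
		if !found {
			return nil, fmt.Errorf("unknown cipher suite %q", name)
		}
	}
	return ids, nil
}

// accepts reports whether a TLS 1.2 server limited to allowed completes a handshake with a client offering one suite.
func accepts(allowed []uint16, offer string) bool {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // throwaway key, constructed for the example
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	want, _ := suiteIDs(offer, "")
	c, s := net.Pipe() // in-memory connection, no network needed
	srv := tls.Server(s, &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}, CipherSuites: allowed, MaxVersion: tls.VersionTLS12})
	go func() { srv.Handshake(); s.Close() }()
	cli := tls.Client(c, &tls.Config{InsecureSkipVerify: true, CipherSuites: want, MaxVersion: tls.VersionTLS12})
	return cli.Handshake() == nil
}

func main() {
	ids, err := suiteIDs(answerValue, denied)
	fmt.Println(err, accepts(ids, denied), accepts(ids, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"))
}
```

The check covers TLS 1.2 only, since `crypto/tls` does not let a server configure its TLS 1.3 suites.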