Ingress tls1.3 [WIP]

[jschaul]

https://wearezeta.atlassian.net/browse/FS-33
version support: https://github.com/kubernetes/ingress-nginx#support-versions-table

This PR, once working (still WIP)

• allows TLS 1.3 connections (while maintaining TLS 1.2 support)
• upgrades the nginx-ingress chart to a recent version that supports TLS 1.3. This, as a result, requires kubernetes >= 1.19 (added a changelog entry for that)
• Any overrides will need to be adjusted (added a changelog entry for that)

Current issues:

• Error: Service "test-bw4377dj3tiz-ic-2-ingress-nginx-controller" is invalid: spec.ports[0].nodePort: Invalid value: 31772: provided port is already allocated: seems like we can't do an in-place upgrade with helm on the existing controller; instead a migration needs to be devised & documented.

TODO:

• test on different k8s versions
• maybe also update api version of ingress definitions to match k8s 1.19+

Checklist

• The PR Title explains the impact of the change.
• The PR description provides context as to why the change should occur and what the code contributes to that effect. This could also be a link to a JIRA ticket or a Github issue, if there is one.
• changelog.d contains the following bits of information:
  • A file with the changelog entry in one or more suitable sub-sections. The sub-sections are marked by directories inside changelog.d.

[jschaul]

Superseded by #3140