Fix CCM Webhook Listener Port Collision

[M4t7e]

This PR fixes #934

It seems K3s CCM is (partially) active in case Klipper LB is used. In this situation, if Hetzner CCM (HCCM) is running on a CP node, there will be a port conflict as both K3s CCM and HCCM try to bind to port 10260. This is caused by a new feature introduced in Kubernetes 1.27 with kubernetes/kubernetes#108838.

Thanks to @apricote we have a workaround to disable the HCCM webhook listener by adding --webhook-secure-port=0 flag to HCCM. This can be used in HCCM > v1.16.0.

See also kubernetes/kubernetes#120043.

I tested this flag with and without using Klipper LB and it seems to work fine 🙂

[apricote]

Thanks to @apricote we have a workaround to disable the HCCM webhook listener by adding --webhook-secure-port=0 flag to HCCM. This can be used in HCCM from v1.27.2.

This flag can be used in any version of HCCM > v1.16.0 (which upgraded to kubernetes 1.27 dependencies). It is not necessary from v1.27.2, as its now part of the HCCM published manifests.

[M4t7e]

Thanks for the clarification @apricote

I have adjusted the description accordingly.

[mysticaltech]

@M4t7e @apricote Thanks for this, just released in v2.6.1.