diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 2f4c7b1..a7af7ed 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -290,9 +290,9 @@ jobs:
                       key: dopplerToken
                       namespace: external-secrets
           EOF
-          # CCM and CSI are suspended for stable baseline - using k3s embedded cloud provider
-          # kubectl -n flux-system wait --for=condition=Ready kustomization/addon-ccm --timeout=300s
-          # kubectl -n flux-system wait --for=condition=Ready kustomization/addon-csi --timeout=300s
+          # Wait for CCM and CSI (Hetzner cloud integration)
+          kubectl -n flux-system wait --for=condition=Ready kustomization/addon-ccm --timeout=600s
+          kubectl -n flux-system wait --for=condition=Ready kustomization/addon-csi --timeout=600s
           kubectl -n flux-system wait --for=condition=Ready kustomization/addon-tailscale-operator --timeout=300s
           # Observability stack deferred - complex helm release timing out, debug separately
           # kubectl -n flux-system wait --for=condition=Ready kustomization/addon-observability --timeout=300s
@@ -302,6 +302,7 @@ jobs:
         working-directory: ansible
         run: |
           ansible -i inventory.ini 'control_plane[0]' -m command -a "kubectl get nodes -o wide"
+          ansible -i inventory.ini 'control_plane[0]' -m command -a "kubectl describe nodes | grep -E '(Name:|providerID:)'"
           ansible -i inventory.ini 'control_plane[0]' -m command -a "kubectl -n flux-system get gitrepositories,kustomizations,helmreleases"
           ansible -i inventory.ini 'control_plane[0]' -m command -a "kubectl -n kube-system get pods -o wide"
           ansible -i inventory.ini 'control_plane[0]' -m command -a "kubectl get storageclass"
diff --git a/ansible/roles/k3s-agent/defaults/main.yml b/ansible/roles/k3s-agent/defaults/main.yml
index 8b71410..8cc646a 100644
--- a/ansible/roles/k3s-agent/defaults/main.yml
+++ b/ansible/roles/k3s-agent/defaults/main.yml
@@ -3,4 +3,4 @@ k3s_version: latest
 k3s_server_url: ""
 k3s_token: ""
 k3s_node_ip: ""
-k3s_kubelet_cloud_provider_external: false
+k3s_kubelet_cloud_provider_external: true
diff --git a/ansible/roles/k3s-server/defaults/main.yml b/ansible/roles/k3s-server/defaults/main.yml
index 131ede6..c8f4549 100644
--- a/ansible/roles/k3s-server/defaults/main.yml
+++ b/ansible/roles/k3s-server/defaults/main.yml
@@ -5,4 +5,4 @@ k3s_node_ip: ""
 k3s_primary_public_ip: ""
 k3s_disable_embedded_ccm: true
 k3s_disable_servicelb: true
-k3s_kubelet_cloud_provider_external: false
+k3s_kubelet_cloud_provider_external: true
diff --git a/infrastructure/addons/kustomization-ccm.yaml b/infrastructure/addons/kustomization-ccm.yaml
index 9d20eee..6041dee 100644
--- a/infrastructure/addons/kustomization-ccm.yaml
+++ b/infrastructure/addons/kustomization-ccm.yaml
@@ -11,5 +11,5 @@ spec:
     name: platform
   path: ./infrastructure/addons/ccm
   wait: true
-  timeout: 5m
-  suspend: true
+  timeout: 10m
+  suspend: false
diff --git a/infrastructure/addons/kustomization-csi.yaml b/infrastructure/addons/kustomization-csi.yaml
index 4598bc4..da13e7e 100644
--- a/infrastructure/addons/kustomization-csi.yaml
+++ b/infrastructure/addons/kustomization-csi.yaml
@@ -10,8 +10,8 @@ spec:
     kind: GitRepository
     name: platform
   path: ./infrastructure/addons/csi
-  # dependsOn:
-  #   - name: addon-ccm  # Deferred - CCM suspended for stable baseline
+  dependsOn:
+    - name: addon-ccm
   wait: true
-  timeout: 5m
-  suspend: true
+  timeout: 10m
+  suspend: false