Enable Hetzner CCM and CSI for cloud provider integration

- Enable --kubelet-arg=cloud-provider=external on all nodes (control planes and workers) - Activate CCM Kustomization with 10m timeout for Hetzner cloud-controller-manager - Activate CSI Kustomization with dependsOn CCM and 10m timeout for hcloud-csi - Update deploy workflow to wait for CCM/CSI readiness (600s timeout) - Add providerID verification to post-deploy health checks This enables proper cloud provider integration with Hetzner CCM for node labeling and Hetzner CSI for persistent volume provisioning.
2026-03-22 22:26:21 +00:00
parent 4eebbca648
commit 561cd67b0c
5 changed files with 12 additions and 11 deletions
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -290,9 +290,9 @@ jobs:
                      key: dopplerToken
                      namespace: external-secrets
          EOF
-          # CCM and CSI are suspended for stable baseline - using k3s embedded cloud provider
+          # Wait for CCM and CSI (Hetzner cloud integration)
-          # kubectl -n flux-system wait --for=condition=Ready kustomization/addon-ccm --timeout=300s
+          kubectl -n flux-system wait --for=condition=Ready kustomization/addon-ccm --timeout=600s
-          # kubectl -n flux-system wait --for=condition=Ready kustomization/addon-csi --timeout=300s
+          kubectl -n flux-system wait --for=condition=Ready kustomization/addon-csi --timeout=600s
          kubectl -n flux-system wait --for=condition=Ready kustomization/addon-tailscale-operator --timeout=300s
          # Observability stack deferred - complex helm release timing out, debug separately
          # kubectl -n flux-system wait --for=condition=Ready kustomization/addon-observability --timeout=300s
@@ -302,6 +302,7 @@ jobs:
        working-directory: ansible
        run: |
          ansible -i inventory.ini 'control_plane[0]' -m command -a "kubectl get nodes -o wide"
          ansible -i inventory.ini 'control_plane[0]' -m command -a "kubectl describe nodes | grep -E '(Name:|providerID:)'"
          ansible -i inventory.ini 'control_plane[0]' -m command -a "kubectl -n flux-system get gitrepositories,kustomizations,helmreleases"
          ansible -i inventory.ini 'control_plane[0]' -m command -a "kubectl -n kube-system get pods -o wide"
          ansible -i inventory.ini 'control_plane[0]' -m command -a "kubectl get storageclass"
--- a/ansible/roles/k3s-agent/defaults/main.yml
+++ b/ansible/roles/k3s-agent/defaults/main.yml
@@ -3,4 +3,4 @@ k3s_version: latest
 k3s_server_url: ""
 k3s_token: ""
 k3s_node_ip: ""
-k3s_kubelet_cloud_provider_external: false
+k3s_kubelet_cloud_provider_external: true
--- a/ansible/roles/k3s-server/defaults/main.yml
+++ b/ansible/roles/k3s-server/defaults/main.yml
@@ -5,4 +5,4 @@ k3s_node_ip: ""
 k3s_primary_public_ip: ""
 k3s_disable_embedded_ccm: true
 k3s_disable_servicelb: true
-k3s_kubelet_cloud_provider_external: false
+k3s_kubelet_cloud_provider_external: true
--- a/infrastructure/addons/kustomization-ccm.yaml
+++ b/infrastructure/addons/kustomization-ccm.yaml
@@ -11,5 +11,5 @@ spec:
    name: platform
  path: ./infrastructure/addons/ccm
  wait: true
-  timeout: 5m
+  timeout: 10m
-  suspend: true
+  suspend: false
--- a/infrastructure/addons/kustomization-csi.yaml
+++ b/infrastructure/addons/kustomization-csi.yaml
@@ -10,8 +10,8 @@ spec:
    kind: GitRepository
    name: platform
  path: ./infrastructure/addons/csi
-  # dependsOn:
+  dependsOn:
-  #   - name: addon-ccm  # Deferred - CCM suspended for stable baseline
+    - name: addon-ccm
  wait: true
-  timeout: 5m
+  timeout: 10m
-  suspend: true
+  suspend: false