diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index d5912d4..f4038db 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -604,12 +604,12 @@ jobs:
           flux_rollout_status helm-controller
           kubectl -n flux-system wait --for=condition=Ready gitrepository/platform --timeout=300s
           kubectl -n flux-system wait --for=condition=Ready kustomization/infrastructure --timeout=600s
-          reconcile_flux_resource flux-system kustomization/addon-cert-manager 300
+          reconcile_flux_resource flux-system kustomization/addon-cert-manager 1500
           kubectl -n flux-system wait --for=condition=Ready kustomization/addon-cert-manager --timeout=1200s
           kubectl -n flux-system wait --for=condition=Ready helmrelease/cert-manager --timeout=1200s
           # Wait directly on the ESO Helm objects; Kustomization readiness hides useful failure details.
           wait_for_resource flux-system kustomization.kustomize.toolkit.fluxcd.io/addon-external-secrets 600
-          reconcile_flux_resource flux-system kustomization/addon-external-secrets 300
+          reconcile_flux_resource flux-system kustomization/addon-external-secrets 900
           import_required_image oci.external-secrets.io/external-secrets/external-secrets:v2.1.0 "${PRIMARY_CP_IP}"
           wait_for_flux_oci_helm_release external-secrets external-secrets external-secrets 600s 600
           wait_for_resource "" crd/clustersecretstores.external-secrets.io 900
@@ -622,16 +622,16 @@ jobs:
           wait_for_resource external-secrets endpoints/external-secrets-external-secrets-webhook 600
           kubectl -n external-secrets wait --for=jsonpath='{.subsets[0].addresses[0].ip}' endpoints/external-secrets-external-secrets-webhook --timeout=600s
           wait_for_resource flux-system kustomization.kustomize.toolkit.fluxcd.io/addon-external-secrets-store 600
-          reconcile_flux_resource flux-system kustomization/addon-external-secrets-store 300
+          reconcile_flux_resource flux-system kustomization/addon-external-secrets-store 600
           kubectl -n flux-system wait --for=condition=Ready kustomization/addon-external-secrets-store --timeout=600s
           # Wait for the storage layer and private access components
           import_required_image ghcr.io/tailscale/k8s-operator:v1.96.5 "${PRIMARY_CP_IP}"
           import_required_image ghcr.io/tailscale/tailscale:v1.96.5 "${PRIMARY_CP_IP}"
-          reconcile_flux_resource flux-system kustomization/addon-tailscale-operator 300
+          reconcile_flux_resource flux-system kustomization/addon-tailscale-operator 900
           kubectl -n flux-system wait --for=condition=Ready kustomization/addon-tailscale-operator --timeout=600s
           kubectl -n tailscale-system rollout status deployment/operator --timeout=600s
           import_required_image registry.k8s.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2 "${PRIMARY_CP_IP}"
-          reconcile_flux_resource flux-system kustomization/addon-nfs-storage 300
+          reconcile_flux_resource flux-system kustomization/addon-nfs-storage 600
           kubectl -n flux-system wait --for=condition=Ready kustomization/addon-nfs-storage --timeout=300s
           kubectl -n kube-system rollout status deployment/nfs-subdir-external-provisioner --timeout=300s
           kubectl annotate storageclass local-path storageclass.kubernetes.io/is-default-class=false --overwrite
@@ -856,10 +856,10 @@ jobs:
 
           echo "Waiting for Rancher..."
           wait_for_resource flux-system kustomization.kustomize.toolkit.fluxcd.io/addon-rancher-secrets 600
-          reconcile_flux_resource flux-system kustomization/addon-rancher-secrets 300
+          reconcile_flux_resource flux-system kustomization/addon-rancher-secrets 600
           kubectl -n flux-system wait --for=condition=Ready kustomization/addon-rancher-secrets --timeout=600s
           wait_for_resource flux-system kustomization.kustomize.toolkit.fluxcd.io/addon-rancher 600
-          reconcile_flux_resource flux-system kustomization/addon-rancher 300
+          reconcile_flux_resource flux-system kustomization/addon-rancher 1800
           wait_for_resource flux-system helmrelease.helm.toolkit.fluxcd.io/rancher 600
           reconcile_helmrelease rancher 300
           wait_for_helmchart_ready flux-system-rancher rancher 180s 5
@@ -928,10 +928,11 @@ jobs:
 
           reconcile_flux_resource() {
             local resource="$1"
+            local timeout_seconds="${2:-300}"
             local reconcile_at
             reconcile_at="$(date +%s%N)"
             kubectl -n flux-system annotate "${resource}" reconcile.fluxcd.io/requestedAt="${reconcile_at}" --overwrite
-            wait_for_reconcile_handled "${resource}" "${reconcile_at}" 300
+            wait_for_reconcile_handled "${resource}" "${reconcile_at}" "${timeout_seconds}"
           }
 
           reconcile_helmrelease() {
@@ -1025,7 +1026,7 @@ jobs:
             quay.io/prometheus/node-exporter:v1.8.2; do
             import_required_image_on_all_nodes "${image}"
           done
-          reconcile_flux_resource kustomization/addon-observability
+          reconcile_flux_resource kustomization/addon-observability 1200
           kubectl -n flux-system wait --for=condition=Ready kustomization/addon-observability --timeout=1200s
           for release in kube-prometheus-stack loki promtail; do
             reconcile_helmrelease "${release}"