diff --git a/inventory/sample/group_vars/all/hcloud.yml b/inventory/sample/group_vars/all/hcloud.yml
index c27035c08550af7106621ed4baa1ab69a200b9e6..d4ed65cd265ddc1bf2fabd9c2463f0caa66c34a9 100644
--- a/inventory/sample/group_vars/all/hcloud.yml
+++ b/inventory/sample/group_vars/all/hcloud.yml
@@ -3,6 +3,7 @@
# hcloud_api_token: ""
# token_secret_name: hcloud
# with_networks: false # Use the hcloud controller-manager with networks support https://github.com/hetznercloud/hcloud-cloud-controller-manager#networks-support
+# network_name: # network name/ID: If you manage the network yourself it might still be required to let the CCM know about private networks
# service_account_name: cloud-controller-manager
#
# controller_image_tag: "latest"
@@ -12,3 +13,10 @@
# ## arg1: "value1"
# ## arg2: "value2"
# controller_extra_args: {}
+#
+# load_balancers_location: # mutually exclusive with load_balancers_network_zone
+# load_balancers_network_zone:
+# load_balancers_disable_private_ingress: # set to true if using IPVS based plugins https://github.com/hetznercloud/hcloud-cloud-controller-manager/blob/main/docs/load_balancers.md#sample-service-with-networks
+# load_balancers_use_private_ip: # set to true if using private networks
+# load_balancers_enabled:
+# network_routes_enabled:
diff --git a/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds-with-networks.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds-with-networks.yml.j2
index c64a56679fa27a62f8cc2abee1b04e88c7f80c6d..ec64d9a3079d0f165bb23c1b121d0e2b173d58a0 100644
--- a/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds-with-networks.yml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds-with-networks.yml.j2
@@ -70,3 +70,27 @@ spec:
secretKeyRef:
name: {{ external_hcloud_cloud.token_secret_name }}
key: network
+{% if external_hcloud_cloud.network_routes_enabled is defined %}
+ - name: HCLOUD_NETWORK_ROUTES_ENABLED
+ value: "{{ external_hcloud_cloud.network_routes_enabled }}"
+{% endif %}
+{% if external_hcloud_cloud.load_balancers_location is defined %}
+ - name: HCLOUD_LOAD_BALANCERS_LOCATION
+ value: "{{ external_hcloud_cloud.load_balancers_location }}"
+{% endif %}
+{% if external_hcloud_cloud.load_balancers_network_zone is defined %}
+ - name: HCLOUD_LOAD_BALANCERS_NETWORK_ZONE
+ value: "{{ external_hcloud_cloud.load_balancers_network_zone }}"
+{% endif %}
+{% if external_hcloud_cloud.load_balancers_disable_private_ingress is defined %}
+ - name: HCLOUD_LOAD_BALANCERS_DISABLE_PRIVATE_INGRESS
+ value: "{{ external_hcloud_cloud.load_balancers_disable_private_ingress }}"
+{% endif %}
+{% if external_hcloud_cloud.load_balancers_use_private_ip is defined %}
+ - name: HCLOUD_LOAD_BALANCERS_USE_PRIVATE_IP
+ value: "{{ external_hcloud_cloud.load_balancers_use_private_ip }}"
+{% endif %}
+{% if external_hcloud_cloud.load_balancers_enabled is defined %}
+ - name: HCLOUD_LOAD_BALANCERS_ENABLED
+ value: "{{ external_hcloud_cloud.load_balancers_enabled }}"
+{% endif %}
diff --git a/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds.yml.j2
index 95473cd59622670512aad81f685a305edee11208..a581781fbc8ceb61913c23e2dba8e73ee7379fbc 100644
--- a/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds.yml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds.yml.j2
@@ -61,3 +61,34 @@ spec:
secretKeyRef:
name: {{ external_hcloud_cloud.token_secret_name }}
key: token
+{% if external_hcloud_cloud.network_name is defined %}
+ - name: HCLOUD_NETWORK
+ valueFrom:
+ secretKeyRef:
+ name: {{ external_hcloud_cloud.token_secret_name }}
+ key: network
+{% endif %}
+{% if external_hcloud_cloud.network_routes_enabled is defined %}
+ - name: HCLOUD_NETWORK_ROUTES_ENABLED
+ value: "{{ external_hcloud_cloud.network_routes_enabled }}"
+{% endif %}
+{% if external_hcloud_cloud.load_balancers_location is defined %}
+ - name: HCLOUD_LOAD_BALANCERS_LOCATION
+ value: "{{ external_hcloud_cloud.load_balancers_location }}"
+{% endif %}
+{% if external_hcloud_cloud.load_balancers_network_zone is defined %}
+ - name: HCLOUD_LOAD_BALANCERS_NETWORK_ZONE
+ value: "{{ external_hcloud_cloud.load_balancers_network_zone }}"
+{% endif %}
+{% if external_hcloud_cloud.load_balancers_disable_private_ingress is defined %}
+ - name: HCLOUD_LOAD_BALANCERS_DISABLE_PRIVATE_INGRESS
+ value: "{{ external_hcloud_cloud.load_balancers_disable_private_ingress }}"
+{% endif %}
+{% if external_hcloud_cloud.load_balancers_use_private_ip is defined %}
+ - name: HCLOUD_LOAD_BALANCERS_USE_PRIVATE_IP
+ value: "{{ external_hcloud_cloud.load_balancers_use_private_ip }}"
+{% endif %}
+{% if external_hcloud_cloud.load_balancers_enabled is defined %}
+ - name: HCLOUD_LOAD_BALANCERS_ENABLED
+ value: "{{ external_hcloud_cloud.load_balancers_enabled }}"
+{% endif %}
diff --git a/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-secret.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-secret.yml.j2
index a750c2fd9fa0243625b61a9b8e5b28490d2336ae..ab3df74c1ac116a408315460acaad903d60e8794 100644
--- a/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-secret.yml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-secret.yml.j2
@@ -6,6 +6,10 @@ metadata:
namespace: kube-system
data:
token: "{{ external_hcloud_cloud.hcloud_api_token | b64encode }}"
-{% if external_hcloud_cloud.with_networks %}
+{% if external_hcloud_cloud.with_networks or external_hcloud_cloud.network_name is defined %}
+{% if network_id is defined%}
network: "{{ network_id | b64encode }}"
+{% else %}
+ network: "{{ external_hcloud_cloud.network_name | b64encode }}"
+{% endif %}
{% endif %}