From 4c37399c7582ea2bfb5202c3dde3223f9c43bf59 Mon Sep 17 00:00:00 2001
From: cortex3 <10298122+cortex3@users.noreply.github.com>
Date: Wed, 16 Aug 2023 14:14:27 +0200
Subject: [PATCH] fix hcloud-cloud-controller-manager not working in certain
 setups (#10297)

---
 inventory/sample/group_vars/all/hcloud.yml    |  8 +++++
 ...controller-manager-ds-with-networks.yml.j2 | 24 ++++++++++++++
 ...-hcloud-cloud-controller-manager-ds.yml.j2 | 31 +++++++++++++++++++
 .../external-hcloud-cloud-secret.yml.j2       |  6 +++-
 4 files changed, 68 insertions(+), 1 deletion(-)

diff --git a/inventory/sample/group_vars/all/hcloud.yml b/inventory/sample/group_vars/all/hcloud.yml
index c27035c08..d4ed65cd2 100644
--- a/inventory/sample/group_vars/all/hcloud.yml
+++ b/inventory/sample/group_vars/all/hcloud.yml
@@ -3,6 +3,7 @@
 #   hcloud_api_token: ""
 #   token_secret_name: hcloud
 #   with_networks: false # Use the hcloud controller-manager with networks support https://github.com/hetznercloud/hcloud-cloud-controller-manager#networks-support
+#   network_name: # network name/ID: If you manage the network yourself it might still be required to let the CCM know about private networks
 #   service_account_name: cloud-controller-manager
 #
 #   controller_image_tag: "latest"
@@ -12,3 +13,10 @@
 #   ##    arg1: "value1"
 #   ##    arg2: "value2"
 #   controller_extra_args: {}
+#
+#   load_balancers_location: # mutually exclusive with load_balancers_network_zone
+#   load_balancers_network_zone:
+#   load_balancers_disable_private_ingress: # set to true if using IPVS based plugins https://github.com/hetznercloud/hcloud-cloud-controller-manager/blob/main/docs/load_balancers.md#sample-service-with-networks
+#   load_balancers_use_private_ip: # set to true if using private networks
+#   load_balancers_enabled:
+#   network_routes_enabled:
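Review bot: The sample keys added at the end of this hunk (`load_balancers_location:` through `network_routes_enabled:`) carry no value, while the templates in this patch gate each option on `is defined`. A key uncommented as written is null but still defined, so the controller would presumably receive an environment variable holding an empty or `None` string instead of the option being skipped. I would show a value and state the rule, e.g. `#   load_balancers_enabled: true # leave commented out to keep the controller default`. The same applies to `network_name` in the first hunk of this file.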
diff --git a/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds-with-networks.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds-with-networks.yml.j2
index c64a56679..ec64d9a30 100644
--- a/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds-with-networks.yml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds-with-networks.yml.j2
@@ -70,3 +70,27 @@ spec:
                 secretKeyRef:
                   name: {{ external_hcloud_cloud.token_secret_name }}
                   key: network
+{% if external_hcloud_cloud.network_routes_enabled is defined %}
+            - name: HCLOUD_NETWORK_ROUTES_ENABLED
+              value: "{{ external_hcloud_cloud.network_routes_enabled }}"
+{% endif %}
+{% if external_hcloud_cloud.load_balancers_location is defined %}
+            - name: HCLOUD_LOAD_BALANCERS_LOCATION
+              value: "{{ external_hcloud_cloud.load_balancers_location }}"
+{% endif %}
+{% if external_hcloud_cloud.load_balancers_network_zone is defined %}
+            - name: HCLOUD_LOAD_BALANCERS_NETWORK_ZONE
+              value: "{{ external_hcloud_cloud.load_balancers_network_zone }}"
+{% endif %}
+{% if external_hcloud_cloud.load_balancers_disable_private_ingress is defined %}
+            - name: HCLOUD_LOAD_BALANCERS_DISABLE_PRIVATE_INGRESS
+              value: "{{ external_hcloud_cloud.load_balancers_disable_private_ingress }}"
+{% endif %}
+{% if external_hcloud_cloud.load_balancers_use_private_ip is defined %}
+            - name: HCLOUD_LOAD_BALANCERS_USE_PRIVATE_IP
+              value: "{{ external_hcloud_cloud.load_balancers_use_private_ip }}"
+{% endif %}
+{% if external_hcloud_cloud.load_balancers_enabled is defined %}
+            - name: HCLOUD_LOAD_BALANCERS_ENABLED
+              value: "{{ external_hcloud_cloud.load_balancers_enabled }}"
+{% endif %}
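Review bot: Nothing in the added blocks enforces the mutual exclusion that the sample vars document for `load_balancers_location` and `load_balancers_network_zone`. If both are set, both `HCLOUD_LOAD_BALANCERS_LOCATION` and `HCLOUD_LOAD_BALANCERS_NETWORK_ZONE` are rendered, and the conflict only shows up in the controller at runtime. Failing at deploy time is clearer, for example an `assert` in the role on `not (external_hcloud_cloud.load_balancers_location is defined and external_hcloud_cloud.load_balancers_network_zone is defined)`. The identical blocks in the `external-hcloud-cloud-controller-manager-ds.yml.j2` hunk have the same gap.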
diff --git a/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds.yml.j2
index 95473cd59..a581781fb 100644
--- a/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds.yml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds.yml.j2
@@ -61,3 +61,34 @@ spec:
                 secretKeyRef:
                   name: {{ external_hcloud_cloud.token_secret_name }}
                   key: token
+{% if external_hcloud_cloud.network_name is defined %}
+            - name: HCLOUD_NETWORK
+              valueFrom:
+                secretKeyRef:
+                  name: {{ external_hcloud_cloud.token_secret_name }}
+                  key: network
+{% endif %}
+{% if external_hcloud_cloud.network_routes_enabled is defined %}
+            - name: HCLOUD_NETWORK_ROUTES_ENABLED
+              value: "{{ external_hcloud_cloud.network_routes_enabled }}"
+{% endif %}
+{% if external_hcloud_cloud.load_balancers_location is defined %}
+            - name: HCLOUD_LOAD_BALANCERS_LOCATION
+              value: "{{ external_hcloud_cloud.load_balancers_location }}"
+{% endif %}
+{% if external_hcloud_cloud.load_balancers_network_zone is defined %}
+            - name: HCLOUD_LOAD_BALANCERS_NETWORK_ZONE
+              value: "{{ external_hcloud_cloud.load_balancers_network_zone }}"
+{% endif %}
+{% if external_hcloud_cloud.load_balancers_disable_private_ingress is defined %}
+            - name: HCLOUD_LOAD_BALANCERS_DISABLE_PRIVATE_INGRESS
+              value: "{{ external_hcloud_cloud.load_balancers_disable_private_ingress }}"
+{% endif %}
+{% if external_hcloud_cloud.load_balancers_use_private_ip is defined %}
+            - name: HCLOUD_LOAD_BALANCERS_USE_PRIVATE_IP
+              value: "{{ external_hcloud_cloud.load_balancers_use_private_ip }}"
+{% endif %}
+{% if external_hcloud_cloud.load_balancers_enabled is defined %}
+            - name: HCLOUD_LOAD_BALANCERS_ENABLED
+              value: "{{ external_hcloud_cloud.load_balancers_enabled }}"
+{% endif %}
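Review bot: The `HCLOUD_NETWORK` block at the top of this hunk is gated on `external_hcloud_cloud.network_name is defined`, which is also true for a null or empty value. In that case the Secret template in this patch still writes a `network` key, apparently the base64 of an empty or placeholder string, and the controller is pointed at a network that does not exist. Testing for a usable value avoids this: `{% if external_hcloud_cloud.network_name | default('') %}`. The gate in `external-hcloud-cloud-secret.yml.j2` needs the same change so that the DaemonSet never references a Secret key that was not rendered.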
diff --git a/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-secret.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-secret.yml.j2
index a750c2fd9..ab3df74c1 100644
--- a/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-secret.yml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-secret.yml.j2
@@ -6,6 +6,10 @@ metadata:
   namespace: kube-system
 data:
   token: "{{ external_hcloud_cloud.hcloud_api_token | b64encode }}"
-{% if external_hcloud_cloud.with_networks  %}
+{% if external_hcloud_cloud.with_networks or external_hcloud_cloud.network_name is defined %}
+{% if network_id is defined%}
   network: "{{ network_id | b64encode }}"
+{% else %}
+  network: "{{ external_hcloud_cloud.network_name | b64encode }}"
+{% endif %}
 {% endif %}
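Review bot: The new inner `if`/`else` makes a top-level `network_id` silently override `external_hcloud_cloud.network_name`, and neither the template nor the sample vars say so. A one-line Jinja comment above the inner `if` would record it: `{# network_id, when set, takes precedence over external_hcloud_cloud.network_name #}`. When `with_networks` is true and neither variable is set, the `else` branch dereferences an undefined `network_name`, so the render presumably fails with an undefined-variable error that names the wrong option for a networks setup. An explicit check with a message naming both variables would be easier to act on. Also, `{% if network_id is defined%}` is missing the space before `%}` that the rest of the file uses.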
-- 
GitLab