diff --git a/contrib/terraform/hetzner/README.md b/contrib/terraform/hetzner/README.md
index 747928b33b721cebad930ebac3702ee8c4761470..fdc43f9ffa5af340de042a2939a64122adbb64d1 100644
--- a/contrib/terraform/hetzner/README.md
+++ b/contrib/terraform/hetzner/README.md
@@ -97,6 +97,7 @@ terraform destroy --var-file default.tfvars ../../contrib/terraform/hetzner
 * `prefix`: Prefix to add to all resources, if set to "" don't set any prefix
 * `ssh_public_keys`: List of public SSH keys to install on all machines
 * `zone`: The zone where to run the cluster
+* `network_zone`: the network zone where the cluster is running
 * `machines`: Machines to provision. Key of this object will be used as the name of the machine
   * `node_type`: The role of this node *(master|worker)*
   * `size`: Size of the VM
diff --git a/contrib/terraform/hetzner/default.tfvars b/contrib/terraform/hetzner/default.tfvars
index cb02b142cbbc26d2b3fef48415fd603b4796712d..957b2d523304680ccad664c0cde85dd4fa8a6b85 100644
--- a/contrib/terraform/hetzner/default.tfvars
+++ b/contrib/terraform/hetzner/default.tfvars
@@ -1,6 +1,6 @@
 prefix = "default"
 zone   = "hel1"
-
+network_zone = "eu-central"
 inventory_file = "inventory.ini"
 
 ssh_public_keys = [
diff --git a/contrib/terraform/hetzner/main.tf b/contrib/terraform/hetzner/main.tf
index 130e895835a4a9429af98dd737762778fac7c34a..805c7bfb8724c5800c5928eca14d9d07d81e2b55 100644
--- a/contrib/terraform/hetzner/main.tf
+++ b/contrib/terraform/hetzner/main.tf
@@ -10,6 +10,7 @@ module "kubernetes" {
   machines = var.machines
 
   ssh_public_keys = var.ssh_public_keys
+  network_zone = var.network_zone
 
   ssh_whitelist        = var.ssh_whitelist
   api_server_whitelist = var.api_server_whitelist
@@ -34,9 +35,9 @@ data "template_file" "inventory" {
       keys(module.kubernetes.worker_ip_addresses),
       values(module.kubernetes.worker_ip_addresses).*.public_ip,
     values(module.kubernetes.worker_ip_addresses).*.private_ip))
-
     list_master = join("\n", keys(module.kubernetes.master_ip_addresses))
     list_worker = join("\n", keys(module.kubernetes.worker_ip_addresses))
+    network_id = module.kubernetes.network_id
   }
 }
 
diff --git a/contrib/terraform/hetzner/modules/kubernetes-cluster/main.tf b/contrib/terraform/hetzner/modules/kubernetes-cluster/main.tf
index e8db4e212e6ad179458e2bdff5279419003f5c30..d7ec865d7fa1c002dd4b20226cedb10d9099ef67 100644
--- a/contrib/terraform/hetzner/modules/kubernetes-cluster/main.tf
+++ b/contrib/terraform/hetzner/modules/kubernetes-cluster/main.tf
@@ -6,7 +6,7 @@ resource "hcloud_network" "kubernetes" {
 resource "hcloud_network_subnet" "kubernetes" {
   type         = "cloud"
   network_id   = hcloud_network.kubernetes.id
-  network_zone = "eu-central"
+  network_zone = var.network_zone
   ip_range     = var.private_subnet_cidr
 }
 
diff --git a/contrib/terraform/hetzner/modules/kubernetes-cluster/output.tf b/contrib/terraform/hetzner/modules/kubernetes-cluster/output.tf
index 093647f0766cf060d871b329c16b89d60f81ea7a..c6bb276da16f987ecdba0422cd3c335795a459da 100644
--- a/contrib/terraform/hetzner/modules/kubernetes-cluster/output.tf
+++ b/contrib/terraform/hetzner/modules/kubernetes-cluster/output.tf
@@ -21,3 +21,7 @@ output "worker_ip_addresses" {
 output "cluster_private_network_cidr" {
   value = var.private_subnet_cidr
 }
+
+output "network_id" {
+  value = hcloud_network.kubernetes.id
+}
\ No newline at end of file
diff --git a/contrib/terraform/hetzner/modules/kubernetes-cluster/variables.tf b/contrib/terraform/hetzner/modules/kubernetes-cluster/variables.tf
index 2789ae17b9a4f360c2a8356e066959fa437f4ec8..7486e0806a593079f0790cb5e817d9083059d11c 100644
--- a/contrib/terraform/hetzner/modules/kubernetes-cluster/variables.tf
+++ b/contrib/terraform/hetzner/modules/kubernetes-cluster/variables.tf
@@ -39,3 +39,6 @@ variable "private_network_cidr" {
 variable "private_subnet_cidr" {
   default = "10.0.10.0/24"
 }
+variable "network_zone" {
+  default = "eu-central"
+}
diff --git a/contrib/terraform/hetzner/templates/inventory.tpl b/contrib/terraform/hetzner/templates/inventory.tpl
index 9c562f4df2adca4df487afa275b35bab9538c958..ba71f99607b0b24359e59006c93931546b7838f5 100644
--- a/contrib/terraform/hetzner/templates/inventory.tpl
+++ b/contrib/terraform/hetzner/templates/inventory.tpl
@@ -14,3 +14,6 @@ ${list_worker}
 [k8s-cluster:children]
 kube-master
 kube-node
+
+[k8s-cluster:vars]
+network_id=${network_id}
diff --git a/contrib/terraform/hetzner/variables.tf b/contrib/terraform/hetzner/variables.tf
index 978575078464e15da626711678cf4ffcc657edf0..e83676ad8aff5fd55c69ee26ab857ad72e50b50e 100644
--- a/contrib/terraform/hetzner/variables.tf
+++ b/contrib/terraform/hetzner/variables.tf
@@ -1,6 +1,10 @@
 variable "zone" {
   description = "The zone where to run the cluster"
 }
+variable "network_zone" {
+  description = "The network zone where the cluster is running"
+  default = "eu-central"
+}
 
 variable "prefix" {
   description = "Prefix for resource names"
diff --git a/inventory/sample/group_vars/all/hcloud.yml b/inventory/sample/group_vars/all/hcloud.yml
index ff90dcc8695e7482432df868f2abae37d379d9cd..c27035c08550af7106621ed4baa1ab69a200b9e6 100644
--- a/inventory/sample/group_vars/all/hcloud.yml
+++ b/inventory/sample/group_vars/all/hcloud.yml
@@ -2,7 +2,7 @@
 # external_hcloud_cloud:
 #   hcloud_api_token: ""
 #   token_secret_name: hcloud
-#
+#   with_networks: false # Use the hcloud controller-manager with networks support https://github.com/hetznercloud/hcloud-cloud-controller-manager#networks-support
 #   service_account_name: cloud-controller-manager
 #
 #   controller_image_tag: "latest"
diff --git a/roles/kubernetes-apps/external_cloud_controller/hcloud/tasks/main.yml b/roles/kubernetes-apps/external_cloud_controller/hcloud/tasks/main.yml
index adaff22194ad8250d3fe077bf259b170e3b34d3b..e09f99d1fab98148b65429342ad915764d1e2486 100644
--- a/roles/kubernetes-apps/external_cloud_controller/hcloud/tasks/main.yml
+++ b/roles/kubernetes-apps/external_cloud_controller/hcloud/tasks/main.yml
@@ -9,8 +9,8 @@
     - {name: external-hcloud-cloud-secret, file: external-hcloud-cloud-secret.yml}
     - {name: external-hcloud-cloud-service-account, file: external-hcloud-cloud-service-account.yml}
     - {name: external-hcloud-cloud-role-bindings, file: external-hcloud-cloud-role-bindings.yml}
-    - {name: external-hcloud-cloud-controller-manager-ds, file: external-hcloud-cloud-controller-manager-ds.yml}
-    - {name: external-hcloud-cloud-controller-manager-ds-with-networks, file: external-hcloud-cloud-controller-manager-ds-with-networks.yml}
+    - {name: "{{ 'external-hcloud-cloud-controller-manager-ds-with-networks' if external_hcloud_cloud.with_networks  else 'external-hcloud-cloud-controller-manager-ds' }}", file: "{{ 'external-hcloud-cloud-controller-manager-ds-with-networks.yml' if external_hcloud_cloud.with_networks  else  'external-hcloud-cloud-controller-manager-ds.yml' }}"}
+
   register: external_hcloud_manifests
   when: inventory_hostname == groups['kube_control_plane'][0]
   tags: external-hcloud
diff --git a/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds-with-networks.yaml.j2 b/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds-with-networks.yml.j2
similarity index 91%
rename from roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds-with-networks.yaml.j2
rename to roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds-with-networks.yml.j2
index 3bbe1075301cf297cd049faebc7b99cc8c9f58b5..cd796e9b72b34d29599ba7f99661d2536c677767 100644
--- a/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds-with-networks.yaml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds-with-networks.yml.j2
@@ -1,6 +1,6 @@
 ---
 apiVersion: apps/v1
-kind: DeamonSet
+kind: DaemonSet
 metadata:
   name: hcloud-cloud-controller-manager
   namespace: kube-system
@@ -44,10 +44,13 @@ spec:
             - "--allow-untagged-cloud"
             - "--allocate-node-cidrs=true"
             - "--cluster-cidr=10.244.0.0/16"
+{% if external_hcloud_cloud.controller_extra_args is defined %}
+
           args:
 {% for key, value in external_hcloud_cloud.controller_extra_args.items() %}
             - "{{ '--' + key + '=' + value }}"
 {% endfor %}
+{% endif %}
           resources:
             requests:
               cpu: 100m
@@ -60,10 +63,10 @@ spec:
             - name: HCLOUD_TOKEN
               valueFrom:
                 secretKeyRef:
-                  name: hcloud
+                  name: {{ external_hcloud_cloud.token_secret_name }}
                   key: token
             - name: HCLOUD_NETWORK
               valueFrom:
                 secretKeyRef:
                   name: {{ external_hcloud_cloud.token_secret_name }}
-                  key: {{ external_hcloud_cloud.token_secret_key }}
+                  key: network
diff --git a/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds.yaml.j2 b/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds.yml.j2
similarity index 94%
rename from roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds.yaml.j2
rename to roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds.yml.j2
index fecee8d0afe3a131f436711faf29101c6f6d5f6c..95473cd59622670512aad81f685a305edee11208 100644
--- a/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds.yaml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-controller-manager-ds.yml.j2
@@ -1,6 +1,6 @@
 ---
 apiVersion: apps/v1
-kind: DeamonSet
+kind: DaemonSet
 metadata:
   name: hcloud-cloud-controller-manager
   namespace: kube-system
@@ -41,10 +41,12 @@ spec:
             - "--cloud-provider=hcloud"
             - "--leader-elect=false"
             - "--allow-untagged-cloud"
+{% if external_hcloud_cloud.controller_extra_args is defined %}
           args:
 {% for key, value in external_hcloud_cloud.controller_extra_args.items() %}
             - "{{ '--' + key + '=' + value }}"
 {% endfor %}
+{% endif %}
           resources:
             requests:
               cpu: 100m
@@ -58,4 +60,4 @@ spec:
               valueFrom:
                 secretKeyRef:
                   name: {{ external_hcloud_cloud.token_secret_name }}
-                  key: {{ external_hcloud_cloud.token_secret_key }}
+                  key: token
diff --git a/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-secret.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-secret.yml.j2
index 614d278978c766b4a2bae964777b6237a5770492..c2ea894a9c56cf4348d11180bd745eee331aebe8 100644
--- a/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-secret.yml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/hcloud/templates/external-hcloud-cloud-secret.yml.j2
@@ -5,4 +5,7 @@ metadata:
   name: "{{ external_hcloud_cloud.token_secret_name }}"
   namespace: kube-system
 data:
-  token: "{{ external_hcloud_cloud.hcloud_api_token | base64 }}"
+  token: "{{ external_hcloud_cloud.hcloud_api_token | b64encode }}"
+{% if external_hcloud_cloud.with_networks  %}
+  network: "{{ network_id|b64encode }}"
+{% endif %}