syself
diff --git a/‎.golangci.yaml‎
Lines changed: 4 additions & 1 deletion b/‎.golangci.yaml‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎api/v1beta1/conditions_const.go‎
Lines changed: 97 additions & 0 deletions b/‎api/v1beta1/conditions_const.go‎
Lines changed: 97 additions & 0 deletions
diff --git a/‎api/v1beta1/hetznercluster_types.go‎
Lines changed: 85 additions & 0 deletions b/‎api/v1beta1/hetznercluster_types.go‎
Lines changed: 85 additions & 0 deletions
diff --git a/‎api/v1beta1/zz_generated.deepcopy.go‎
Lines changed: 27 additions & 0 deletions b/‎api/v1beta1/zz_generated.deepcopy.go‎
Lines changed: 27 additions & 0 deletions
diff --git a/‎config/crd/bases/infrastructure.cluster.x-k8s.io_hetznerclusters.yaml‎
Lines changed: 68 additions & 0 deletions b/‎config/crd/bases/infrastructure.cluster.x-k8s.io_hetznerclusters.yaml‎
Lines changed: 68 additions & 0 deletions
diff --git a/‎controllers/controllers_suite_test.go‎
Lines changed: 36 additions & 0 deletions b/‎controllers/controllers_suite_test.go‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎controllers/hcloudmachine_controller.go‎
Lines changed: 1 addition & 1 deletion b/‎controllers/hcloudmachine_controller.go‎
Lines changed: 1 addition & 1 deletion
@@ -190,12 +190,15 @@ linters:
       # helper packages. We intentionally keep these imports while CAPH stays on the
       # v1beta1 Cluster API contract (removed upstream tentatively Aug 2026). Suppress
       # the per-import deprecation warnings so real SA1019 hits still surface.
+      # The conditions/v1beta2 subpath is the v1beta2 helper package designed for
+      # v1beta1-contract resources (HCloudMachine etc. store v1beta2 conditions in a
+      # separate field)
       - linters:
           - staticcheck
         text: 'SA1019: "sigs\.k8s\.io/cluster-api/api/core/v1beta1" is deprecated'
       - linters:
           - staticcheck
-        text: 'SA1019: "sigs\.k8s\.io/cluster-api/util/deprecated/v1beta1/(patch|conditions)" is deprecated'
+        text: 'SA1019: "sigs\.k8s\.io/cluster-api/util/deprecated/v1beta1/(patch|conditions(/v1beta2)?)" is deprecated'
       # CAPI deprecated clusterv1.ConditionType (the v1beta1 condition typedef) when the v1beta2
       # condition list landed. Test helpers still need it to assert against legacy-shadow conditions.
       - linters:
 
@@ -295,3 +295,100 @@ const (
 	// BootIDEmptyReason indicates that an empty boot ID is present on the node object.
 	BootIDEmptyReason = "BootIDEmpty"
 )
+
+// v1beta2 conditions.
+
+// common conditions used across resource types.
+
+const (
+	// HCloudRateLimitExceededV1Beta2Condition reports on whether the HCloud API rate limit has been exceeded.
+	HCloudRateLimitExceededV1Beta2Condition = "HCloudRateLimitExceeded"
+	// HCloudRateLimitExceededV1Beta2Reason indicates that the HCloud API rate limit has been exceeded.
+	HCloudRateLimitExceededV1Beta2Reason = "Exceeded"
+)
+
+const (
+	// HCloudTokenAvailableV1Beta2Condition reports on whether the HCloud Token is available.
+	HCloudTokenAvailableV1Beta2Condition = "HCloudTokenAvailable"
+	// HCloudTokenAvailableV1Beta2Reason indicates that the HCloudToken is available.
+	HCloudTokenAvailableV1Beta2Reason = clusterv1beta1.AvailableV1Beta2Reason
+	// HCloudTokenInvalidV1Beta2Reason indicates that the HCloudToken is invalid.
+	HCloudTokenInvalidV1Beta2Reason = "Invalid"
+	// SecretUnreachableV1Beta2Reason indicates that secret containing the HCloudToken is unreachable.
+	SecretUnreachableV1Beta2Reason = "SecretUnreachable" // #nosec
+)
+
+const (
+	// InternalErrorV1Beta2Reason indicates an internal error in reconciler.
+	InternalErrorV1Beta2Reason = "InternalError"
+)
+
+// HetznerCluster's v1beta2 conditions.
+
+const (
+	// NetworkReadyV1Beta2Condition reports on whether the network is ready.
+	NetworkReadyV1Beta2Condition = "NetworkReady"
+	// NetworkReadyV1Beta2Reason indicates that the network is ready.
+	NetworkReadyV1Beta2Reason = clusterv1beta1.ReadyV1Beta2Reason
+	// NetworkReconcilingFailedV1Beta2Reason indicates that reconciling the network failed.
+	NetworkReconcilingFailedV1Beta2Reason = "ReconcilingFailed"
+)
+
+const (
+	// LoadBalancerReadyV1Beta2Condition reports on whether a control plane load balancer was successfully reconciled.
+	LoadBalancerReadyV1Beta2Condition = "LoadBalancerReady"
+	// LoadBalancerReadyV1Beta2Reason indicates that a control plane load balancer is ready.
+	LoadBalancerReadyV1Beta2Reason = clusterv1beta1.ReadyV1Beta2Reason
+	// LoadBalancerCreationFailedV1Beta2Reason indicates that load balancer creation failed.
+	LoadBalancerCreationFailedV1Beta2Reason = "CreationFailed"
+	// LoadBalancerReadyMissingControlPlaneEndpointV1Beta2Reason indicates that the control plane endpoint is not set.
+	LoadBalancerReadyMissingControlPlaneEndpointV1Beta2Reason = "MissingControlPlaneEndpoint"
+	// LoadBalancerReadySyncingServicesFailedV1Beta2Reason indicates that there an error occurred while syncing services of load balancer.
+	LoadBalancerReadySyncingServicesFailedV1Beta2Reason = "SyncingServicesFailed"
+	// LoadBalancerReadyAttachingToNetworkFailedV1Beta2Reason indicates that the server could not be attached to network.
+	LoadBalancerReadyAttachingToNetworkFailedV1Beta2Reason = "AttachingToNetworkFailed"
+	// LoadBalancerOwningFailedV1Beta2Reason indicates no owned label could be set on a load balancer.
+	LoadBalancerOwningFailedV1Beta2Reason = "OwningFailed"
+	// LoadBalancerUpdateFailedV1Beta2Reason indicates that an error occurred during load balancer update.
+	LoadBalancerUpdateFailedV1Beta2Reason = "UpdateFailed"
+	// LoadBalancerDeletionFailedV1Beta2Reason indicates that an error occurred during load balancer delete.
+	LoadBalancerDeletionFailedV1Beta2Reason = "DeletionFailed"
+)
+
+const (
+	// PlacementGroupsSyncedV1Beta2Condition reports on whether the placement groups are successfully synced.
+	PlacementGroupsSyncedV1Beta2Condition = "PlacementGroupsSynced"
+	// PlacementGroupsSyncingFailedV1Beta2Reason indicates that syncing the placement groups failed.
+	PlacementGroupsSyncingFailedV1Beta2Reason = "SyncingFailed"
+	// PlacementGroupsSyncedV1Beta2Reason indicates that placement groups are synced successfully.
+	PlacementGroupsSyncedV1Beta2Reason = "Synced"
+)
+
+const (
+	// ControlPlaneEndpointSetV1Beta2Condition reports on whether the control plane endpoint is set.
+	ControlPlaneEndpointSetV1Beta2Condition = "ControlPlaneEndpointSet"
+	// ControlPlaneEndpointSetV1Beta2Reason indicates that the control plane endpoint is set.
+	ControlPlaneEndpointSetV1Beta2Reason = "Set"
+	// ControlPlaneEndpointNotSetV1Beta2Reason indicates that the control plane endpoint is not set.
+	ControlPlaneEndpointNotSetV1Beta2Reason = "NotSet"
+)
+
+const (
+	// TargetClusterReadyV1Beta2Condition reports on whether the kubeconfig in the target cluster is ready.
+	TargetClusterReadyV1Beta2Condition = "TargetClusterReady"
+	// TargetClusterReadyV1Beta2Reason indicates that the kubeconfig in the target cluster is ready.
+	TargetClusterReadyV1Beta2Reason = clusterv1beta1.ReadyV1Beta2Reason
+	// TargetClusterCreationFailedV1Beta2Reason indicates that the target cluster could not be created.
+	TargetClusterCreationFailedV1Beta2Reason = "CreationFailed"
+)
+
+const (
+	// TargetClusterSecretReadyV1Beta2Condition reports on whether the hetzner secret in the target cluster is ready.
+	TargetClusterSecretReadyV1Beta2Condition = "TargetClusterSecretReady"
+	// TargetClusterSecretReadyV1Beta2Reason indicates that the the hetzner secret in the target cluster is ready.
+	TargetClusterSecretReadyV1Beta2Reason = clusterv1beta1.ReadyV1Beta2Reason
+	// TargetClusterControlPlaneNotReadyV1Beta2Reason indicates that the target cluster's control plane is not ready yet.
+	TargetClusterControlPlaneNotReadyV1Beta2Reason = "ControlPlaneNotReady"
+	// TargetClusterSyncingSecretFailedV1Beta2Reason indicates that the secret could not be synced.
+	TargetClusterSyncingSecretFailedV1Beta2Reason = "SyncingSecretFailed"
+)
@@ -19,6 +19,7 @@ package v1beta1
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	clusterv1beta1 "sigs.k8s.io/cluster-api/api/core/v1beta1"
+	v1beta2conditions "sigs.k8s.io/cluster-api/util/deprecated/v1beta1/conditions/v1beta2"
 )
 
 const (
@@ -94,6 +95,21 @@ type HetznerClusterStatus struct {
 	HCloudPlacementGroups []HCloudPlacementGroupStatus  `json:"hcloudPlacementGroups,omitempty"`
 	FailureDomains        clusterv1beta1.FailureDomains `json:"failureDomains,omitempty"`
 	Conditions            clusterv1beta1.Conditions     `json:"conditions,omitempty"`
+
+	// v1beta2 groups all the fields that will be added or modified in HetznerCluster's status with the V1Beta2 version.
+	// +optional
+	V1Beta2 *HetznerClusterV1Beta2Status `json:"v1beta2,omitempty"`
+}
+
+// HetznerClusterV1Beta2Status groups all the fields that will be added or modified in HetznerCluster with the V1Beta2 version.
+// See https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more context.
+type HetznerClusterV1Beta2Status struct {
+	// conditions represents the observations of a HetznerCluster's current state.
+	// +optional
+	// +listType=map
+	// +listMapKey=type
+	// +kubebuilder:validation:MaxItems=32
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
 }
 
 // +kubebuilder:object:root=true
@@ -137,6 +153,75 @@ func (r *HetznerCluster) SetConditions(conditions clusterv1beta1.Conditions) {
 	r.Status.Conditions = conditions
 }
 
+// GetV1Beta2Conditions returns the set of v1beta2 conditions for the HetznerCluster object.
+func (r *HetznerCluster) GetV1Beta2Conditions() []metav1.Condition {
+	if r.Status.V1Beta2 == nil {
+		return nil
+	}
+	return r.Status.V1Beta2.Conditions
+}
+
+// SetV1Beta2Conditions sets v1beta2 conditions for the HetznerCluster object.
+func (r *HetznerCluster) SetV1Beta2Conditions(conditions []metav1.Condition) {
+	if r.Status.V1Beta2 == nil {
+		r.Status.V1Beta2 = &HetznerClusterV1Beta2Status{}
+	}
+	r.Status.V1Beta2.Conditions = conditions
+}
+
+// ClusterV1Beta2SummaryOpts returns the v1beta2 summary options for a HetznerCluster.
+// It is the single source of truth for which conditions contribute to the Ready summary,
+// used both by ClusterScope.Close() and by early-exit error paths that bypass the scope.
+func ClusterV1Beta2SummaryOpts() []v1beta2conditions.SummaryOption {
+	return []v1beta2conditions.SummaryOption{
+		// The summary is derived from all condition types listed in ForConditionTypes.
+		// The order matters: it defines the priority in which conditions surface in the summary.
+		v1beta2conditions.ForConditionTypes{
+			HCloudTokenAvailableV1Beta2Condition,
+			HCloudRateLimitExceededV1Beta2Condition,
+			clusterv1beta1.DeletingV1Beta2Condition,
+			NetworkReadyV1Beta2Condition,
+			LoadBalancerReadyV1Beta2Condition,
+			PlacementGroupsSyncedV1Beta2Condition,
+			ControlPlaneEndpointSetV1Beta2Condition,
+			TargetClusterReadyV1Beta2Condition,
+			TargetClusterSecretReadyV1Beta2Condition,
+		},
+		// IgnoreTypesIfMissing lists conditions that may legitimately not be present on the object.
+		// If any of these are missing, the summary treats them as if they are healthy.
+		v1beta2conditions.IgnoreTypesIfMissing{
+			NetworkReadyV1Beta2Condition,
+			LoadBalancerReadyV1Beta2Condition,
+			HCloudRateLimitExceededV1Beta2Condition,
+			clusterv1beta1.DeletingV1Beta2Condition,
+		},
+		// CustomMergeStrategy is used only to override the merge reasons, so
+		// the Ready summary uses CAPI's standard Ready reasons (Ready /
+		// NotReady / ReadyUnknown) instead of the generic merge defaults
+		// (IssuesReported / UnknownReported / InfoReported).
+		//
+		// Negative polarity is passed directly into GetDefaultMergePriorityFunc
+		// here. When a CustomMergeStrategy is provided, NewSummaryCondition
+		// skips the path that wires up the NegativePolarityConditionTypes
+		// SummaryOption into the default strategy, so the negative-polarity
+		// types must be specified explicitly inside the strategy.
+		v1beta2conditions.CustomMergeStrategy{
+			MergeStrategy: v1beta2conditions.DefaultMergeStrategy(
+				v1beta2conditions.GetPriorityFunc(v1beta2conditions.GetDefaultMergePriorityFunc(
+					// conditions with negative polarity
+					HCloudRateLimitExceededV1Beta2Condition,
+					clusterv1beta1.DeletingV1Beta2Condition,
+				)),
+				v1beta2conditions.ComputeReasonFunc(v1beta2conditions.GetDefaultComputeMergeReasonFunc(
+					clusterv1beta1.NotReadyV1Beta2Reason,
+					clusterv1beta1.ReadyUnknownV1Beta2Reason,
+					clusterv1beta1.ReadyV1Beta2Reason,
+				)),
+			),
+		},
+	}
+}
+
 // ClusterTagKey generates the key for resources associated with a cluster.
 func (r *HetznerCluster) ClusterTagKey() string {
 	return NameHetznerProviderOwned + r.Name
 
@@ -512,6 +512,74 @@ spec:
               ready:
                 default: false
                 type: boolean
+              v1beta2:
+                description: v1beta2 groups all the fields that will be added or modified
+                  in HetznerCluster's status with the V1Beta2 version.
+                properties:
+                  conditions:
+                    description: conditions represents the observations of a HetznerCluster's
+                      current state.
+                    items:
+                      description: Condition contains details for one aspect of the
+                        current state of this API Resource.
+                      properties:
+                        lastTransitionTime:
+                          description: |-
+                            lastTransitionTime is the last time the condition transitioned from one status to another.
+                            This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+                          format: date-time
+                          type: string
+                        message:
+                          description: |-
+                            message is a human readable message indicating details about the transition.
+                            This may be an empty string.
+                          maxLength: 32768
+                          type: string
+                        observedGeneration:
+                          description: |-
+                            observedGeneration represents the .metadata.generation that the condition was set based upon.
+                            For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                            with respect to the current state of the instance.
+                          format: int64
+                          minimum: 0
+                          type: integer
+                        reason:
+                          description: |-
+                            reason contains a programmatic identifier indicating the reason for the condition's last transition.
+                            Producers of specific condition types may define expected values and meanings for this field,
+                            and whether the values are considered a guaranteed API.
+                            The value should be a CamelCase string.
+                            This field may not be empty.
+                          maxLength: 1024
+                          minLength: 1
+                          pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                          type: string
+                        status:
+                          description: status of the condition, one of True, False,
+                            Unknown.
+                          enum:
+                          - "True"
+                          - "False"
+                          - Unknown
+                          type: string
+                        type:
+                          description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                          maxLength: 316
+                          pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                          type: string
+                      required:
+                      - lastTransitionTime
+                      - message
+                      - reason
+                      - status
+                      - type
+                      type: object
+                    maxItems: 32
+                    type: array
+                    x-kubernetes-list-map-keys:
+                    - type
+                    x-kubernetes-list-type: map
+                type: object
             required:
             - ready
             type: object
 
@@ -39,6 +39,7 @@ import (
 	clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2"
 	deprecatedv1beta1conditions "sigs.k8s.io/cluster-api/util/conditions/deprecated/v1beta1"
 	v1beta1conditions "sigs.k8s.io/cluster-api/util/deprecated/v1beta1/conditions"
+	v1beta2conditions "sigs.k8s.io/cluster-api/util/deprecated/v1beta1/conditions/v1beta2"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	fakeclient "sigs.k8s.io/controller-runtime/pkg/client/fake"
@@ -482,6 +483,41 @@ func isPresentAndTrue(key types.NamespacedName, getter v1beta1conditions.Getter,
 	return objectCondition.Status == corev1.ConditionTrue
 }
 
+func isV1Beta2ConditionWithStatusAndReason(key types.NamespacedName, getter client.Object, condition string, status metav1.ConditionStatus, reason string) bool {
+	if err := testEnv.Get(ctx, key, getter); err != nil {
+		return false
+	}
+
+	v1beta2Getter, ok := getter.(v1beta2conditions.Getter)
+	if !ok || !v1beta2conditions.Has(v1beta2Getter, condition) {
+		return false
+	}
+
+	objectCondition := v1beta2conditions.Get(v1beta2Getter, condition)
+	return objectCondition.Status == status && objectCondition.Reason == reason
+}
+
+func isPresentAndTrueWithReasonV1Beta2(key types.NamespacedName, getter client.Object, condition string, reason string) bool {
+	return isV1Beta2ConditionWithStatusAndReason(key, getter, condition, metav1.ConditionTrue, reason)
+}
+
+func isPresentAndFalseWithReasonV1Beta2(key types.NamespacedName, getter client.Object, condition string, reason string) bool {
+	return isV1Beta2ConditionWithStatusAndReason(key, getter, condition, metav1.ConditionFalse, reason)
+}
+
+func isAbsentV1Beta2(key types.NamespacedName, getter client.Object, condition string) bool {
+	if err := testEnv.Get(ctx, key, getter); err != nil {
+		return false
+	}
+
+	v1beta2Getter, ok := getter.(v1beta2conditions.Getter)
+	if !ok {
+		return false
+	}
+
+	return !v1beta2conditions.Has(v1beta2Getter, condition)
+}
+
 func hasEvent(ctx context.Context, c client.Client, namespace, involvedObjectName, reason, message string) bool {
 	eventList := &corev1.EventList{}
 	if err := c.List(ctx, eventList, client.InNamespace(namespace)); err != nil {
 
@@ -144,7 +144,7 @@ func (r *HCloudMachineReconciler) Reconcile(ctx context.Context, req reconcile.R
 	secretManager := secretutil.NewSecretManager(log, r, r.APIReader)
 	hcloudToken, hetznerSecret, err := getAndValidateHCloudToken(ctx, req.Namespace, hetznerCluster, secretManager)
 	if err != nil {
-		return hcloudTokenErrorResult(ctx, err, hcloudMachine, r)
+		return hcloudTokenErrorResult(ctx, err, hcloudMachine, r, nil)
 	}
 
 	hcc := r.HCloudClientFactory.NewClient(hcloudToken)
Original file line number	Diff line number	Diff line change
`@@ -144,7 +144,7 @@ func (r *HCloudMachineReconciler) Reconcile(ctx context.Context, req reconcile.R`
`144`	`144`	`secretManager := secretutil.NewSecretManager(log, r, r.APIReader)`
`145`	`145`	`hcloudToken, hetznerSecret, err := getAndValidateHCloudToken(ctx, req.Namespace, hetznerCluster, secretManager)`
`146`	`146`	`if err != nil {`
`147`		`- return hcloudTokenErrorResult(ctx, err, hcloudMachine, r)`
	`147`	`+ return hcloudTokenErrorResult(ctx, err, hcloudMachine, r, nil)`
`148`	`148`	`}`
`149`	`149`
`150`	`150`	`hcc := r.HCloudClientFactory.NewClient(hcloudToken)`