From db16af0d279f594f925ce5430a2a8181864eb8bb Mon Sep 17 00:00:00 2001 
From: Oleksandr Berezovskyi Date: Sat, 21 Feb 2026 23:45:15 +0200 Subject: [PATCH] fix(k8s/infra): split infrastructure into controllers and configs stages ClusterIssuer dry-run fails because cert-manager CRDs are not yet installed when the single infrastructure Kustomization is applied. Split into infrastructure-controllers (Helm charts that install CRDs) and infrastructure-configs (CRD-dependent resources like ClusterIssuer) with a dependency between them. --- kubernetes/app/ks.yaml | 2 +- .../clusterissuer.sops.yaml | 0 .../authelia/configmap.sops.yaml | 0 .../{ => controllers}/authelia/namespace.yaml | 0 .../{ => controllers}/authelia/pvc.yaml | 0 .../{ => controllers}/authelia/release.yaml | 0 .../authelia/repository.yaml | 0 .../authelia/secret.sops.yaml | 0 .../cert-manager/namespace.yaml | 0 .../cert-manager/release.yaml | 0 .../cert-manager/repository.yaml | 0 .../nfs-provisioner/release.yaml | 0 .../nfs-provisioner/repository.yaml | 0 .../secret-cloudflare.sops.yaml | 0 .../{ => controllers}/traefik/namespace.yaml | 0 .../{ => controllers}/traefik/release.yaml | 0 .../{ => controllers}/traefik/repository.yaml | 0 kubernetes/infrastructure/ks.yaml | 27 +++++++++++++++++-- 18 files changed, 26 insertions(+), 3 deletions(-) rename kubernetes/infrastructure/{cert-manager => configs}/clusterissuer.sops.yaml (100%) rename kubernetes/infrastructure/{ => controllers}/authelia/configmap.sops.yaml (100%) rename kubernetes/infrastructure/{ => controllers}/authelia/namespace.yaml (100%) rename kubernetes/infrastructure/{ => controllers}/authelia/pvc.yaml (100%) rename kubernetes/infrastructure/{ => controllers}/authelia/release.yaml (100%) rename kubernetes/infrastructure/{ => controllers}/authelia/repository.yaml (100%) rename kubernetes/infrastructure/{ => controllers}/authelia/secret.sops.yaml (100%) rename kubernetes/infrastructure/{ => controllers}/cert-manager/namespace.yaml (100%) rename kubernetes/infrastructure/{ => controllers}/cert-manager/release.yaml 
(100%) rename kubernetes/infrastructure/{ => controllers}/cert-manager/repository.yaml (100%) rename kubernetes/infrastructure/{ => controllers}/nfs-provisioner/release.yaml (100%) rename kubernetes/infrastructure/{ => controllers}/nfs-provisioner/repository.yaml (100%) rename kubernetes/infrastructure/{ => controllers}/secret-cloudflare.sops.yaml (100%) rename kubernetes/infrastructure/{ => controllers}/traefik/namespace.yaml (100%) rename kubernetes/infrastructure/{ => controllers}/traefik/release.yaml (100%) rename kubernetes/infrastructure/{ => controllers}/traefik/repository.yaml (100%) diff --git a/kubernetes/app/ks.yaml b/kubernetes/app/ks.yaml index 7beeb89..a99d95c 100644 --- a/kubernetes/app/ks.yaml +++ b/kubernetes/app/ks.yaml @@ -12,7 +12,7 @@ spec: kind: GitRepository name: flux-system dependsOn: - - name: infrastructure + - name: infrastructure-configs - name: config decryption: provider: sops diff --git a/kubernetes/infrastructure/cert-manager/clusterissuer.sops.yaml b/kubernetes/infrastructure/configs/clusterissuer.sops.yaml similarity index 100% rename from kubernetes/infrastructure/cert-manager/clusterissuer.sops.yaml rename to kubernetes/infrastructure/configs/clusterissuer.sops.yaml diff --git a/kubernetes/infrastructure/authelia/configmap.sops.yaml b/kubernetes/infrastructure/controllers/authelia/configmap.sops.yaml similarity index 100% rename from kubernetes/infrastructure/authelia/configmap.sops.yaml rename to kubernetes/infrastructure/controllers/authelia/configmap.sops.yaml diff --git a/kubernetes/infrastructure/authelia/namespace.yaml b/kubernetes/infrastructure/controllers/authelia/namespace.yaml similarity index 100% rename from kubernetes/infrastructure/authelia/namespace.yaml rename to kubernetes/infrastructure/controllers/authelia/namespace.yaml 
diff --git a/kubernetes/infrastructure/authelia/pvc.yaml b/kubernetes/infrastructure/controllers/authelia/pvc.yaml
similarity index 100%
rename from kubernetes/infrastructure/authelia/pvc.yaml
rename to kubernetes/infrastructure/controllers/authelia/pvc.yaml
diff --git a/kubernetes/infrastructure/authelia/release.yaml b/kubernetes/infrastructure/controllers/authelia/release.yaml
similarity index 100%
rename from kubernetes/infrastructure/authelia/release.yaml
rename to kubernetes/infrastructure/controllers/authelia/release.yaml
diff --git a/kubernetes/infrastructure/authelia/repository.yaml b/kubernetes/infrastructure/controllers/authelia/repository.yaml
similarity index 100%
rename from kubernetes/infrastructure/authelia/repository.yaml
rename to kubernetes/infrastructure/controllers/authelia/repository.yaml
diff --git a/kubernetes/infrastructure/authelia/secret.sops.yaml b/kubernetes/infrastructure/controllers/authelia/secret.sops.yaml
similarity index 100%
rename from kubernetes/infrastructure/authelia/secret.sops.yaml
rename to kubernetes/infrastructure/controllers/authelia/secret.sops.yaml
diff --git a/kubernetes/infrastructure/cert-manager/namespace.yaml b/kubernetes/infrastructure/controllers/cert-manager/namespace.yaml
similarity index 100%
rename from kubernetes/infrastructure/cert-manager/namespace.yaml
rename to kubernetes/infrastructure/controllers/cert-manager/namespace.yaml
diff --git a/kubernetes/infrastructure/cert-manager/release.yaml b/kubernetes/infrastructure/controllers/cert-manager/release.yaml
similarity index 100%
rename from kubernetes/infrastructure/cert-manager/release.yaml
rename to kubernetes/infrastructure/controllers/cert-manager/release.yaml
diff --git a/kubernetes/infrastructure/cert-manager/repository.yaml b/kubernetes/infrastructure/controllers/cert-manager/repository.yaml
similarity index 100%
rename from kubernetes/infrastructure/cert-manager/repository.yaml
rename to kubernetes/infrastructure/controllers/cert-manager/repository.yaml
diff --git a/kubernetes/infrastructure/nfs-provisioner/release.yaml b/kubernetes/infrastructure/controllers/nfs-provisioner/release.yaml
similarity index 100%
rename from kubernetes/infrastructure/nfs-provisioner/release.yaml
rename to kubernetes/infrastructure/controllers/nfs-provisioner/release.yaml
diff --git a/kubernetes/infrastructure/nfs-provisioner/repository.yaml b/kubernetes/infrastructure/controllers/nfs-provisioner/repository.yaml
similarity index 100%
rename from kubernetes/infrastructure/nfs-provisioner/repository.yaml
rename to kubernetes/infrastructure/controllers/nfs-provisioner/repository.yaml
diff --git a/kubernetes/infrastructure/secret-cloudflare.sops.yaml b/kubernetes/infrastructure/controllers/secret-cloudflare.sops.yaml
similarity index 100%
rename from kubernetes/infrastructure/secret-cloudflare.sops.yaml
rename to kubernetes/infrastructure/controllers/secret-cloudflare.sops.yaml
diff --git a/kubernetes/infrastructure/traefik/namespace.yaml b/kubernetes/infrastructure/controllers/traefik/namespace.yaml
similarity index 100%
rename from kubernetes/infrastructure/traefik/namespace.yaml
rename to kubernetes/infrastructure/controllers/traefik/namespace.yaml
diff --git a/kubernetes/infrastructure/traefik/release.yaml b/kubernetes/infrastructure/controllers/traefik/release.yaml
similarity index 100%
rename from kubernetes/infrastructure/traefik/release.yaml
rename to kubernetes/infrastructure/controllers/traefik/release.yaml
diff --git a/kubernetes/infrastructure/traefik/repository.yaml b/kubernetes/infrastructure/controllers/traefik/repository.yaml similarity index 100% rename from kubernetes/infrastructure/traefik/repository.yaml rename to kubernetes/infrastructure/controllers/traefik/repository.yaml diff --git a/kubernetes/infrastructure/ks.yaml b/kubernetes/infrastructure/ks.yaml index b62891b..6eb6a6a 100644 --- a/kubernetes/infrastructure/ks.yaml +++ b/kubernetes/infrastructure/ks.yaml @@ -2,11 +2,11 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: - name: infrastructure + name: infrastructure-controllers namespace: flux-system spec: interval: 10m - path: ./kubernetes/infrastructure + path: ./kubernetes/infrastructure/controllers prune: true sourceRef: kind: GitRepository @@ -21,3 +21,26 @@ spec: substituteFrom: - kind: Secret name: cluster-vars +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: infrastructure-configs + namespace: flux-system +spec: + interval: 10m + path: ./kubernetes/infrastructure/configs + prune: true + sourceRef: + kind: GitRepository + name: flux-system + dependsOn: + - name: infrastructure-controllers + decryption: + provider: sops + secretRef: + name: sops-age + postBuild: + substituteFrom: + - kind: Secret + name: cluster-vars
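Review bot: Renaming `metadata.name` from `infrastructure` to `infrastructure-controllers` in the first hunk of `kubernetes/infrastructure/ks.yaml`, with `prune: true` in place, is a delete-and-create of the Flux Kustomization rather than an in-place move. If the parent Kustomization that applies this file also prunes (not visible here), removing the old object garbage-collects everything it applied before the new one recreates it; going by the rename list that covers the authelia, cert-manager and traefik namespaces and `authelia/pvc.yaml`. The likely effect is an ingress and authentication outage, certificate re-issuance and, depending on the volume's reclaim policy, loss of Authelia state. Suspending the old `infrastructure` Kustomization or reconciling it once with `prune: false` before this lands avoids the cascade, and the migration step belongs in the commit message. Lines 13–20 of the document lie between the two hunks and are not shown.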
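Review bot: `dependsOn: - name: infrastructure-controllers` in the new `infrastructure-configs` document only waits for that Kustomization to report Ready, and without `wait: true` or `healthChecks` Ready means the HelmRelease objects were applied, not that cert-manager has finished installing its CRDs. Neither field is visible on `infrastructure-controllers`, though lines 13–20 fall between the hunks and may already set one. If it is absent, the ClusterIssuer dry-run can still fail on a fresh cluster until a later reconcile. Adding `wait: true` and `timeout: 5m` to `infrastructure-controllers` and `retryInterval: 1m` to `infrastructure-configs` would make the ordering deterministic. The same gap carries over to `kubernetes/app/ks.yaml`, which now gates only on `infrastructure-configs`, so apps may start before Traefik and Authelia are actually running.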