diff --git a/flux/README.md b/flux/README.md
index 72b6f29..6e22a07 100644
--- a/flux/README.md
+++ b/flux/README.md
@@ -21,6 +21,7 @@ flux/
 │   ├── infra-devops/                    # cert-manager, webhook-dnspod, reflector, velero
 │   ├── infra-data/                      # CNPG operator, Barman, PG集群, Valkey
 │   ├── infra-net/                       # ingress-nginx, CrowdSec, Tailscale DERP, 证书
+│   │   └── post/                        # CDN Ingress（依赖 apps，打破循环）
 │   ├── infra-monitor/                   # Loki, Prometheus+Grafana
 │   │   └── post/                        # Promtail（依赖 infra-net，打破循环）
 │   └── infra-gitops/                    # Gitea
@@ -36,6 +37,7 @@ sources → secrets → kube-system → infra-devops → infra-data → infra-da
        → infra-monitor-post (Promtail)
        → infra-gitops
        → apps
+       → infra-net-post (CDN Ingress)
        → infra-gitops-post (suspend=true，需手工凭据)
 ```
 
diff --git a/flux/clusters/base/infra-net.yaml b/flux/clusters/base/infra-net.yaml
index 4a8fb6f..97d31f3 100644
--- a/flux/clusters/base/infra-net.yaml
+++ b/flux/clusters/base/infra-net.yaml
@@ -17,3 +17,21 @@ spec:
     - name: infra-devops
     - name: infra-devops-post
     - name: infra-monitor
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: infra-net-post
+  namespace: infra-gitops
+spec:
+  interval: 30m
+  retryInterval: 1m
+  sourceRef:
+    kind: GitRepository
+    name: flux
+  path: ./flux/infrastructure/infra-net/post
+  prune: true
+  wait: true
+  dependsOn:
+    - name: apps
diff --git a/flux/infrastructure/infra-net/kustomization.yaml b/flux/infrastructure/infra-net/kustomization.yaml
index 1c19fa2..db7a5e5 100644
--- a/flux/infrastructure/infra-net/kustomization.yaml
+++ b/flux/infrastructure/infra-net/kustomization.yaml
@@ -5,6 +5,5 @@ resources:
   - helmrelease-ingress-nginx.yaml
   - configmap-static.yaml
   - certificate-dev-cm.yaml
-  - ingress-cdn.yaml
   - helmrelease-crowdsec.yaml
   - helmrelease-tailscale-derp.yaml
diff --git a/flux/infrastructure/infra-net/ingress-cdn.yaml b/flux/infrastructure/infra-net/post/ingress-cdn.yaml
similarity index 100%
rename from flux/infrastructure/infra-net/ingress-cdn.yaml
rename to flux/infrastructure/infra-net/post/ingress-cdn.yaml
diff --git a/flux/infrastructure/infra-net/post/kustomization.yaml b/flux/infrastructure/infra-net/post/kustomization.yaml
new file mode 100644
index 0000000..3b96daa
--- /dev/null
+++ b/flux/infrastructure/infra-net/post/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ingress-cdn.yaml