feat(infra-net): add CDN Ingress and related services, restructure kustomization

flux/README.md

@@ -21,6 +21,7 @@ flux/
 │   ├── infra-devops/                    # cert-manager, webhook-dnspod, reflector, velero
 │   ├── infra-data/                      # CNPG operator, Barman, PG集群, Valkey
 │   ├── infra-net/                       # ingress-nginx, CrowdSec, Tailscale DERP, 证书
+│   │   └── post/                        # CDN Ingress（依赖 apps，打破循环）
 │   ├── infra-monitor/                   # Loki, Prometheus+Grafana
 │   │   └── post/                        # Promtail（依赖 infra-net，打破循环）
 │   └── infra-gitops/                    # Gitea
@@ -36,6 +37,7 @@ sources → secrets → kube-system → infra-devops → infra-data → infra-da
        → infra-monitor-post (Promtail)
        → infra-gitops
        → apps
+       → infra-net-post (CDN Ingress)
        → infra-gitops-post (suspend=true，需手工凭据)
 ```
 

flux/clusters/base/infra-net.yaml

@@ -17,3 +17,21 @@ spec:
     - name: infra-devops
     - name: infra-devops-post
     - name: infra-monitor
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: infra-net-post
+  namespace: infra-gitops
+spec:
+  interval: 30m
+  retryInterval: 1m
+  sourceRef:
+    kind: GitRepository
+    name: flux
+  path: ./flux/infrastructure/infra-net/post
+  prune: true
+  wait: true
+  dependsOn:
+    - name: apps

flux/infrastructure/infra-net/kustomization.yaml

@@ -5,6 +5,5 @@ resources:
   - helmrelease-ingress-nginx.yaml
   - configmap-static.yaml
   - certificate-dev-cm.yaml
-  - ingress-cdn.yaml
   - helmrelease-crowdsec.yaml
   - helmrelease-tailscale-derp.yaml

flux/infrastructure/infra-net/post/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ingress-cdn.yaml