diff --git a/flux/clusters/restore/infra-devops.yaml b/flux/clusters/restore/infra-devops.yaml
new file mode 100644
index 0000000..3e60eeb
--- /dev/null
+++ b/flux/clusters/restore/infra-devops.yaml
@@ -0,0 +1,17 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: infra-devops
+  namespace: infra-gitops
+spec:
+  interval: 30m
+  retryInterval: 1m
+  sourceRef:
+    kind: GitRepository
+    name: flux
+  path: ./flux/infrastructure/infra-devops
+  prune: true
+  wait: true
+  dependsOn:
+    - name: sources
+    - name: secrets
diff --git a/flux/clusters/restore/secrets.yaml b/flux/clusters/restore/secrets.yaml
new file mode 100644
index 0000000..e30274c
--- /dev/null
+++ b/flux/clusters/restore/secrets.yaml
@@ -0,0 +1,22 @@
+# 密钥管理层 - 通过postBuild从flux-env Secret注入变量
+# 所有环境流程一致: kubectl create secret generic flux-env -n infra-gitops --from-env-file=.env
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: secrets
+  namespace: infra-gitops
+spec:
+  interval: 30m
+  retryInterval: 1m
+  sourceRef:
+    kind: GitRepository
+    name: flux
+  path: ./flux/infrastructure/secrets
+  prune: false
+  wait: true
+  dependsOn:
+    - name: sources
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: flux-env
diff --git a/flux/clusters/restore/sources.yaml b/flux/clusters/restore/sources.yaml
new file mode 100644
index 0000000..01f8d4d
--- /dev/null
+++ b/flux/clusters/restore/sources.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: sources
+  namespace: infra-gitops
+spec:
+  interval: 30m
+  retryInterval: 1m
+  sourceRef:
+    kind: GitRepository
+    name: flux
+  path: ./flux/infrastructure/sources
+  prune: true
+  wait: true