diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index 5b7f1be..fdf77d9 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml 
@@ -232,10 +232,41 @@ jobs: env: ANSIBLE_HOST_KEY_CHECKING: "False" + - name: Install kubectl + run: | + curl -fsSL -o /usr/local/bin/kubectl "https://dl.k8s.io/release/$(curl -fsSL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" + chmod +x /usr/local/bin/kubectl + + - name: Bootstrap Flux source and reconciliation graph + env: + KUBECONFIG: outputs/kubeconfig + FLUX_GIT_HOST: 64.176.189.59 + FLUX_GIT_PORT: "2222" + run: | + kubectl create namespace flux-system --dry-run=client -o yaml | kubectl apply -f - + ssh-keyscan -p "${FLUX_GIT_PORT}" "${FLUX_GIT_HOST}" > /tmp/flux_known_hosts + kubectl -n flux-system create secret generic flux-system \ + --from-file=identity="$HOME/.ssh/id_ed25519" \ + --from-file=known_hosts=/tmp/flux_known_hosts \ + --dry-run=client -o yaml | kubectl apply -f - + kubectl apply -k clusters/prod/flux-system + kubectl -n flux-system rollout status deployment/source-controller --timeout=180s + kubectl -n flux-system rollout status deployment/kustomize-controller --timeout=180s + kubectl -n flux-system rollout status deployment/helm-controller --timeout=180s + kubectl -n flux-system wait --for=condition=Ready gitrepository/platform --timeout=180s + kubectl -n flux-system wait --for=condition=Ready kustomization/infrastructure --timeout=300s + kubectl -n flux-system wait --for=condition=Ready kustomization/addon-external-secrets --timeout=300s + kubectl -n flux-system wait --for=condition=Ready kustomization/addon-ccm --timeout=300s + kubectl -n flux-system wait --for=condition=Ready kustomization/addon-csi --timeout=300s + kubectl -n flux-system wait --for=condition=Ready kustomization/addon-tailscale-operator --timeout=300s + kubectl -n flux-system wait --for=condition=Ready kustomization/addon-observability --timeout=300s + kubectl -n flux-system wait --for=condition=Ready kustomization/addon-observability-content --timeout=300s + - name: Post-deploy cluster health checks working-directory: ansible run: | ansible -i 
inventory.ini 'control_plane[0]' -m command -a "kubectl get nodes -o wide" + ansible -i inventory.ini 'control_plane[0]' -m command -a "kubectl -n flux-system get gitrepositories,kustomizations,helmreleases" ansible -i inventory.ini 'control_plane[0]' -m command -a "kubectl -n kube-system get pods -o wide" ansible -i inventory.ini 'control_plane[0]' -m command -a "kubectl get storageclass" ansible -i inventory.ini 'control_plane[0]' -m command -a "kubectl -n observability get pods -o wide"
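Review bot: The `ssh-keyscan -p "${FLUX_GIT_PORT}" "${FLUX_GIT_HOST}" > /tmp/flux_known_hosts` line in the Bootstrap step records whatever host key the network returns during the run, so the `known_hosts` entry stored in the `flux-system` secret authenticates nothing and Flux will trust whichever server answered at deploy time as its Git source. Write a pinned key instead, for example `printf '%s\n' "${FLUX_GIT_KNOWN_HOSTS}" > /tmp/flux_known_hosts`, where `FLUX_GIT_KNOWN_HOSTS` (a placeholder name) comes from a repository secret or variable holding a host key verified out of band. The same step copies the runner's own `$HOME/.ssh/id_ed25519` into the cluster as `identity`; if that key is used for anything else (Ansible SSH access seems likely but is not visible in this hunk), a dedicated read-only deploy key would keep a cluster compromise from exposing it. In the Install kubectl step the binary is whatever `stable.txt` names at that moment and is made executable without a digest check; pinning the version and comparing the download against the published `kubectl.sha256`, or better a digest committed to the repository, makes the deploy reproducible and detects a tampered download.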