diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 74648d1..302890e 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -242,6 +242,30 @@ jobs:
             fi
           }
 
+          wait_for_resource() {
+            local namespace="$1"
+            local resource="$2"
+            local timeout_seconds="$3"
+            local elapsed=0
+
+            until {
+              if [ -n "${namespace}" ]; then
+                kubectl -n "${namespace}" get "${resource}" >/dev/null 2>&1
+              else
+                kubectl get "${resource}" >/dev/null 2>&1
+              fi
+            }; do
+              if [ "${elapsed}" -ge "${timeout_seconds}" ]; then
+                echo "Timed out waiting for ${resource} to exist" >&2
+                kubectl -n flux-system get kustomizations,helmreleases || true
+                exit 1
+              fi
+
+              sleep 10
+              elapsed=$((elapsed + 10))
+            done
+          }
+
           kubectl create namespace flux-system --dry-run=client -o yaml | kubectl apply -f -
           ssh-keyscan -p "${FLUX_GIT_PORT}" "${FLUX_GIT_HOST}" > /tmp/flux_known_hosts
           kubectl -n flux-system create secret generic flux-system \
@@ -267,7 +291,13 @@ jobs:
           flux_rollout_status helm-controller
           kubectl -n flux-system wait --for=condition=Ready gitrepository/platform --timeout=300s
           kubectl -n flux-system wait --for=condition=Ready kustomization/infrastructure --timeout=600s
-          # Wait for ESO CRDs and deployment directly instead of Flux Kustomization status
+          # Wait for ESO objects to be created before waiting on their conditions
+          wait_for_resource flux-system kustomization.kustomize.toolkit.fluxcd.io/addon-external-secrets 600
+          kubectl -n flux-system wait --for=condition=Ready kustomization/addon-external-secrets --timeout=900s
+          wait_for_resource flux-system helmrelease.helm.toolkit.fluxcd.io/external-secrets 600
+          kubectl -n flux-system wait --for=condition=Ready helmrelease/external-secrets --timeout=900s
+          wait_for_resource "" crd/clustersecretstores.external-secrets.io 900
+          wait_for_resource "" crd/externalsecrets.external-secrets.io 900
           kubectl wait --for=condition=established --timeout=600s crd/clustersecretstores.external-secrets.io
           kubectl wait --for=condition=established --timeout=600s crd/externalsecrets.external-secrets.io
           kubectl -n external-secrets rollout status deployment/external-secrets --timeout=600s