diff --git a/infrastructure/calico/kustomization.yaml b/bootstrap/calico/kustomization.yaml
similarity index 100%
rename from infrastructure/calico/kustomization.yaml
rename to bootstrap/calico/kustomization.yaml
diff --git a/infrastructure/calico/release.yaml b/bootstrap/calico/release.yaml
similarity index 100%
rename from infrastructure/calico/release.yaml
rename to bootstrap/calico/release.yaml
diff --git a/infrastructure/calico/repository.yaml b/bootstrap/calico/repository.yaml
similarity index 100%
rename from infrastructure/calico/repository.yaml
rename to bootstrap/calico/repository.yaml
diff --git a/infrastructure/sources/kustomization.yaml b/bootstrap/kustomization.yaml
similarity index 60%
rename from infrastructure/sources/kustomization.yaml
rename to bootstrap/kustomization.yaml
index 32a9aa060fc0c6501951ba304abb14483130b878..473377f9e99659bd587206e90f6d4f555569af89 100644
--- a/infrastructure/sources/kustomization.yaml
+++ b/bootstrap/kustomization.yaml
@@ -1,5 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: flux-system
 resources:
-  - zalando-postgres.yaml
+  - calico
+  - kyverno
diff --git a/bootstrap/kyverno/kustomization.yaml b/bootstrap/kyverno/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..2f4dcc1d250af0e3c5b43c42e3fb7eede901838a
--- /dev/null
+++ b/bootstrap/kyverno/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kyverno
+resources:
+  - namespace.yaml
+  - repository.yaml
+  - release.yaml
diff --git a/infrastructure/kyverno/namespace.yaml b/bootstrap/kyverno/namespace.yaml
similarity index 100%
rename from infrastructure/kyverno/namespace.yaml
rename to bootstrap/kyverno/namespace.yaml
diff --git a/bootstrap/kyverno/release.yaml b/bootstrap/kyverno/release.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..bd79c6a997a5575192da05ebfa49b443a3ffeeb3
--- /dev/null
+++ b/bootstrap/kyverno/release.yaml
@@ -0,0 +1,19 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: kyverno-crds
+  namespace: kyverno
+spec:
+  releaseName: kyverno-crds
+  chart:
+    spec:
+      chart: kyverno-crds
+      sourceRef:
+        kind: HelmRepository
+        name: kyverno
+      version: v2.0.3
+  interval: 5m
+  install:
+    crds: CreateReplace
+  upgrade:
+    crds: CreateReplace
diff --git a/infrastructure/kyverno/repository.yaml b/bootstrap/kyverno/repository.yaml
similarity index 100%
rename from infrastructure/kyverno/repository.yaml
rename to bootstrap/kyverno/repository.yaml
diff --git a/clusters/k8s01/infrastructure.yaml b/clusters/k8s01/infrastructure.yaml
index 46249239f8ae52fb6356a2369688d628eb60978d..ce431e9a2a42de367b18aa493ecf73c51f267c42 100644
--- a/clusters/k8s01/infrastructure.yaml
+++ b/clusters/k8s01/infrastructure.yaml
@@ -4,6 +4,8 @@ metadata:
   name: infrastructure
   namespace: flux-system
 spec:
+  dependsOn:
+    - name: bootstrap
   interval: 10m0s
   sourceRef:
     kind: GitRepository
diff --git a/infrastructure/README.md b/infrastructure/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..f42941ff0341185d9efab11c2da2907783bb55bd
--- /dev/null
+++ b/infrastructure/README.md
@@ -0,0 +1,4 @@
+Infrastructure
+===
+
+Basic building blocks shared across Kubernetes clusters.
diff --git a/infrastructure/kustomization.yaml b/infrastructure/kustomization.yaml
index cd68e04ae9be219f4b5991f6cb80416700d92892..e6c03593cc63ca80123e32443824f5d8bcef62b1 100644
--- a/infrastructure/kustomization.yaml
+++ b/infrastructure/kustomization.yaml
@@ -1,8 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - calico
-  # kyverno
+  - kyverno
   - hcloud-csi
   - rook
   - cert-manager
+  - prometheus
diff --git a/infrastructure/kyverno/kustomization.yaml b/infrastructure/kyverno/kustomization.yaml
index 3e80f71e0eaf5b4f5de7f855b4c9fb8ce90f4ba1..18b52f1df63515ff779e50d3b6a002a852ee9592 100644
--- a/infrastructure/kyverno/kustomization.yaml
+++ b/infrastructure/kyverno/kustomization.yaml
@@ -2,8 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: kyverno
 resources:
-  - namespace.yaml
-  - repository.yaml
   - release.yaml
   - deny-system-namespaces.yaml
   - deny-network-policies.yaml
diff --git a/infrastructure/kyverno/release.yaml b/infrastructure/kyverno/release.yaml
index 6c8a9492890b0407257798980c850b779ba2b5aa..c7bdb5352886e841fdc4aa74be2523411b0de112 100644
--- a/infrastructure/kyverno/release.yaml
+++ b/infrastructure/kyverno/release.yaml
@@ -1,25 +1,5 @@
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
-metadata:
-  name: kyverno-crds
-  namespace: kyverno
-spec:
-  releaseName: kyverno-crds
-  chart:
-    spec:
-      chart: kyverno-crds
-      sourceRef:
-        kind: HelmRepository
-        name: kyverno
-      version: v2.0.3
-  interval: 5m
-  install:
-    crds: CreateReplace
-  upgrade:
-    crds: CreateReplace
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
 metadata:
   name: kyverno
   namespace: kyverno