https://johanneskueber.com/tags/flux/Recent content in Flux on johanneskueber.comHugoen_USMon, 15 Jun 2026 00:00:00 +0000https://johanneskueber.com/posts/2026-06-15-signed-oci-deployments/Mon, 15 Jun 2026 00:00:00 +0000https://johanneskueber.com/posts/2026-06-15-signed-oci-deployments/<h1 id="signed-oci-artifacts-for-flux-with-cosign-and-gitea">Signed OCI Artifacts for Flux with Cosign and Gitea</h1> <p>Flux will happily pull a Git repository, run <code>kustomize build</code> over a folder, and apply the result. I ran it that way for a long time and it works. What it does not give you is any statement about <em>what</em> is being applied or <em>where it came from</em>. The source of truth is a mutable branch - anyone who can write to that path, or anything that can, changes what lands in the cluster on the next reconcile. There is no integrity check sitting between &ldquo;a commit exists&rdquo; and &ldquo;this is what is running in production.&rdquo;</p>