Hardening Flux & the supply chain
Signed commits, verified images.
Hardening Flux spans the controllers, the Git trust, and the supply chain — and Flux’s design gives you strong tools for the last two. Run the controllers with least privilege (they ship with locked-down securityContexts; keep them), restrict them with NetworkPolicies, and use tenant impersonation so reconciliation is scoped. Then lean on verification: enable signed-commit verification on GitRepository sources and Cosign verification on OCIRepository/image sources so Flux only reconciles content from trusted identities.
Git and the whole chain
Because Git is the deploy authority, the source repo needs production-grade protection — branch protection, required reviews, CODEOWNERS, and signed commits that Flux verifies. Store manifests and charts as signed OCI artifacts where you can, verify them, and pair Flux with admission policy (Kyverno/Gatekeeper) so a malicious or mistaken commit that passes source verification still hits a policy gate at admission. Defense in depth: verified source, scoped reconciliation, admission policy, and audited events via notifications.