Securing GitOps with GPG Signed Commits and Flux Verification

Overview

This article adds GPG commit signing to the homelab repository and configures Flux to reject unsigned commits. Without verification, a compromised GitHub account could push malicious manifests that Flux would blindly deploy. GPG signing ensures only commits signed by your key reach the cluster.