Stop tracking talos kubeconfig; remove Authentik token from git; add Newt kubeseal example

Remove committed talos/kubeconfig (cluster admin credentials). Ignore talos/kubeconfig at repo root. Replace hardcoded LDAP outpost token with AUTHENTIK_LDAP_OUTPOST_TOKEN from .env. Document Sealed Secrets workflow for Newt (kubeseal script + README updates). Clarify Talos secrets use talsecret/SOPS, not Sealed Secrets. Made-with: Cursor
2026-03-28 01:19:58 -04:00
parent a5e624f542
commit a65b553252
10 changed files with 54 additions and 24 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,7 @@
 ansible/inventory/hosts.ini
 # Talos generated
 talos/out/
+talos/kubeconfig

 # Local secrets
 age-key.txt