gsdavidp/home-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Stop tracking talos kubeconfig; remove Authentik token from git; add Newt kubeseal example

Browse Source 
Remove committed talos/kubeconfig (cluster admin credentials). Ignore talos/kubeconfig at repo root.
Replace hardcoded LDAP outpost token with AUTHENTIK_LDAP_OUTPOST_TOKEN from .env.
Document Sealed Secrets workflow for Newt (kubeseal script + README updates). Clarify Talos secrets use talsecret/SOPS, not Sealed Secrets.

Made-with: Cursor
This commit is contained in:
Nikholas Pcenicni
2026-03-28 01:19:58 -04:00
parent a5e624f542
commit a65b553252
10 changed files with 54 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
clusters/noble/apps/sealed-secrets/README.md
View File

@@ -37,6 +37,8 @@ kubectl create secret generic example --from-literal=foo=bar --dry-run=client -o
Commit `example-sealedsecret.yaml`; apply it with `kubectl apply -f`. The controller creates the **Secret** in the same namespace as the **SealedSecret**.
**Noble example:** `examples/kubeseal-newt-pangolin-auth.sh` (Newt / Pangolin tunnel credentials).
## Backup the sealing key
If the controllers private key is lost, existing sealed files cannot be decrypted on a new cluster. Back up the key secret after install: