Stop tracking talos kubeconfig; remove Authentik token from git; add Newt kubeseal example

Remove committed talos/kubeconfig (cluster admin credentials). Ignore talos/kubeconfig at repo root.
Replace hardcoded LDAP outpost token with AUTHENTIK_LDAP_OUTPOST_TOKEN from .env.
Document Sealed Secrets workflow for Newt (kubeseal script + README updates). Clarify Talos secrets use talsecret/SOPS, not Sealed Secrets.

Made-with: Cursor
Nikholas Pcenicni
2026-03-28 01:19:58 -04:00
parent a5e624f542
commit a65b553252
10 changed files with 54 additions and 24 deletions


@@ -103,7 +103,7 @@ services:
environment:
AUTHENTIK_HOST: https://auth.pcenicni.ca
AUTHENTIK_INSECURE: "false"
AUTHENTIK_TOKEN: 2OutrpIACRD41JdhjiZE6zSL8I48RpwkvnDRVbEPnllDnzdcxO9UJ26iS08Q
AUTHENTIK_TOKEN: ${AUTHENTIK_LDAP_OUTPOST_TOKEN:?set AUTHENTIK_LDAP_OUTPOST_TOKEN in .env}
depends_on:
postgresql:
condition: service_healthy
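
Review bot: The old AUTHENTIK_TOKEN line holds the literal outpost token, so the value stays readable in parent commit a5e624f542 and in this diff; taking it out of the compose file does not revoke it. Rotate the LDAP outpost token in Authentik and store only the new value in .env. The `${AUTHENTIK_LDAP_OUTPOST_TOKEN:?...}` form is a good choice because compose stops with that message when the variable is unset. Please also confirm that .env is covered by .gitignore, which this hunk does not show.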