Ephemeral Castle Operational Cheat Sheet

This page provides a quick reference for common commands and maintenance tasks within the ephemeral-castle repository.

Cluster Lifecycle (tazlab-k8s)

Run these from clusters/tazlab-k8s/proxmox/:

Action	Command
Full Bootstrap	`./create.sh`
Full Teardown	`./destroy.sh`
Force VM Delete	`./nuclear-wipe.sh`
Check Logs	`ls -ltr logs/`

Manual Terragrunt Operations

To apply changes to a specific layer without a full rebirth:

Export Secrets (from TazPod):

export INFISICAL_CLIENT_ID=$(cat ~/secrets/infisical-client-id)
export INFISICAL_CLIENT_SECRET=$(cat ~/secrets/infisical-client-secret)
export PROXMOX_TOKEN_ID=$(cat ~/secrets/proxmox-token-id)
export PROXMOX_TOKEN_SECRET=$(cat ~/secrets/proxmox-token-secret)

Navigate to Layer:

cd clusters/tazlab-k8s/live/<layer-name>

Execute:
```
terragrunt plan
terragrunt apply
```

Networking (Tailscale)

Run these from tailscale/:

Action	Command
Apply ACL/OAuth	`./setup.sh`
Manual Plan	`terraform plan`

Note: setup.sh automatically handles credential extraction and TazPod vault updates.

Vault Runtime (Hetzner)

Run these from runtimes/lushycorp-vault/hetzner/:

Action	Command
Create/Restore	`./create.sh`
Nuclear Destroy	`./destroy.sh`

Common Debugging Tools

Talos OS

Check Dashboard: talosctl dashboard --talosconfig clusters/tazlab-k8s/proxmox/configs/talosconfig
Get Config: talosctl get machineconfig

Kubernetes

Access Cluster: kubectl --kubeconfig clusters/tazlab-k8s/proxmox/configs/kubeconfig get nodes
Flux Status: flux get kustomizations
ESO Logs: kubectl logs -n external-secrets -l app.kubernetes.io/name=external-secrets

Proxmox

List VMs: qm list (on the Proxmox host)
Check Task Log: Look at the Proxmox Web UI “Tasks” pane.

Ephemeral Castle Operational Cheat Sheet#

Cluster Lifecycle (tazlab-k8s)#

Manual Terragrunt Operations#

Networking (Tailscale)#

Vault Runtime (Hetzner)#

Common Debugging Tools#

Talos OS#

Kubernetes#

Proxmox#