Ephemeral Castle Architecture
ephemeral-castle is a multi-cluster IaC framework designed for disposable infrastructure. It provisions the provider-specific foundation (Proxmox VMs, Talos OS, Hetzner VPS) required for TazLab.
Repository Mapping (High Resolution)
| Path | Responsibility | Technology |
|---|---|---|
| clusters/tazlab-k8s/live/ | The 6 sequential/parallel bootstrap layers. | Terragrunt/Terraform |
| clusters/tazlab-k8s/proxmox/ | Rebirth scripts and generated configs. | Bash / Talosctl |
| clusters/tazlab-k8s/modules/ | Reusable cluster components. | Terraform |
| runtimes/lushycorp-vault/ | Hetzner Vault execution track. | Ansible / Terraform |
| tailscale/ | Tailnet identity and ACL governance. | Terraform |
Terraform Modules Inventory
These modules live in clusters/tazlab-k8s/modules/:
- secrets-fetcher: Retrieves PROXMOX_TOKEN and TALOS_SECRETBOX_KEY from Infisical.
- proxmox-talos: Provisions QEMU VMs and applies machine configuration.
- k8s-engine: Deploys ESO (External Secrets Operator).
- k8s-networking: Deploys MetalLB and IP pools.
- k8s-flux: Bootstraps the Flux CD controllers.
- k8s-storage: Deploys Longhorn and S3 backup config.
The Handoff Principle
Infrastructure code here is strictly separated from application code. ephemeral-castle does not know what applications run on the cluster; it only knows how to provide a healthy API server and a connection to the Tailscale Mesh.
See Also
- Layers: Terragrunt Layers
- Lifecycle: Rebirth Protocol
- Hub: Ephemeral Castle Hub