Ephemeral Castle Proxmox Talos Foundation

Scope

This page documents the provider base used by the active tazlab-k8s cluster.

Current Synthesis

The Proxmox/Talos foundation is built from clusters/tazlab-k8s/live/env.hcl, clusters/tazlab-k8s/live/terragrunt.hcl, clusters/tazlab-k8s/live/secrets/, and the proxmox-talos Terraform module. env.hcl is the source of truth for topology and addresses; the module turns that data into VMs, Talos machine config, bootstrap, and kubeconfig outputs.

Current Topology

  • Proxmox endpoint: 192.168.1.200:8006
  • gateway: 192.168.1.1
  • cluster VIP: 192.168.1.210
  • control-plane node: 192.168.1.211
  • worker node: 192.168.1.214
  • Talos version: v1.12.0
  • topology currently encoded in env.hcl: 1 control plane, 1 worker

Module Behavior

secrets-fetcher

  • reads Infisical via the Terragrunt-generated provider
  • generates TALOS_SECRETBOX_KEY if it is missing
  • returns the Proxmox token pair and Talos secretbox key as sensitive outputs

proxmox-talos

  • creates Proxmox VMs for control plane and worker nodes
  • uses 4 vCPU and 8 GB RAM per node
  • gives the worker a second 40 GB disk for Longhorn backing storage
  • applies Talos machine config to the nodes
  • boots the cluster on the control-plane VIP
  • writes kubeconfig and talosconfig to local files

Talos Machine Configuration

  • control plane and workers use static ens18 addressing
  • control plane nodes advertise the VIP on the interface
  • nameservers are set to 1.1.1.1 and 8.8.8.8
  • Talos installs from the pinned factory.talos.dev image hash
  • kernel modules enabled for storage: iscsi_tcp, nbd, configfs
  • the control plane injects a CoreDNS patch that answers AAAA queries with NOERROR to suppress IPv6 behavior in this environment
  • the cluster uses secretboxEncryptionSecret from Infisical-backed secrets
  • the worker mounts /var/mnt/longhorn into /var/lib/longhorn

Outputs and Artifacts

  • kubeconfig_raw
  • talos_config
  • Kubernetes client certificate/key/CA outputs
  • local files written to clusters/tazlab-k8s/proxmox/configs/
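
The kubeconfig and talosconfig written to that directory embed client key material, so their file modes are worth checking after each apply. The script below is an added example, not code from the tazlab-k8s repository; the function name audit_configs and the LOOSE / LOOSE+KEY labels are made up for illustration, and only the directory path in the usage comment comes from this page.

```shell
#!/bin/sh
# Added example, not part of the tazlab-k8s repository.
# Usage: sh audit_configs.sh clusters/tazlab-k8s/proxmox/configs

# audit_configs DIR
#   Prints one line per regular file under DIR that group or other can access.
#   "LOOSE+KEY" marks files that also embed a client private key
#   (kubeconfig field client-key-data, talosconfig field key).
#   Returns 0 if clean, 1 if any finding, 2 if DIR does not exist.
audit_configs() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 2
    fi
    # POSIX find: "-perm -NNN" matches when every bit in NNN is set, so each
    # group/other bit is tested on its own and OR-ed together.
    loose=$(find "$dir" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
                                -o -perm -004 -o -perm -002 -o -perm -001 \))
    if [ -z "$loose" ]; then
        return 0
    fi
    printf '%s\n' "$loose" | while IFS= read -r f; do
        if grep -Eq '^[[:space:]]*(client-key-data|key):' "$f"; then
            echo "LOOSE+KEY $f"
        else
            echo "LOOSE $f"
        fi
    done
    return 1
}

# Run against a directory only when one is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_configs "$1"
fi
```

The non-zero exit status lets the check gate a pre-commit hook or CI step; chmod 600 on a flagged file clears the finding.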

Relationships

Source Basis

  • clusters/tazlab-k8s/live/env.hcl
  • clusters/tazlab-k8s/live/terragrunt.hcl
  • clusters/tazlab-k8s/live/secrets/terragrunt.hcl
  • clusters/tazlab-k8s/live/platform/terragrunt.hcl
  • clusters/tazlab-k8s/modules/secrets-fetcher/main.tf
  • clusters/tazlab-k8s/modules/proxmox-talos/main.tf