Ephemeral Castle Proxmox Talos Foundation

Scope

This page documents the provider base used by the active tazlab-k8s cluster.

Current Synthesis

The Proxmox/Talos foundation is built from clusters/tazlab-k8s/live/env.hcl, clusters/tazlab-k8s/live/terragrunt.hcl, clusters/tazlab-k8s/live/secrets/, and the proxmox-talos Terraform module. env.hcl is the source of truth for topology and addresses; the module turns that data into VMs, Talos machine config, bootstrap, and kubeconfig outputs.

Current Topology

  • Proxmox endpoint: 192.168.1.200:8006
  • gateway: 192.168.1.1
  • cluster VIP: 192.168.1.210
  • control-plane node: 192.168.1.211
  • worker node: 192.168.1.214
  • Talos version: v1.12.0
  • topology currently encoded in env.hcl: 1 control plane, 1 worker

Module Behavior

secrets-fetcher

  • reads bootstrap secrets via Terragrunt env vars (set by create.sh from ~/secrets/)
  • the cluster uses secretboxEncryptionSecret from Talos machine secrets (key sourced from ~/secrets/)
  • the worker mounts /var/mnt/longhorn into /var/lib/longhorn

Outputs and Artifacts

  • kubeconfig_raw
  • talos_config
  • Kubernetes client certificate/key/CA outputs
  • local files written to clusters/tazlab-k8s/proxmox/configs/
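
Both the bootstrap inputs under ~/secrets/ and the kubeconfig/talosconfig files written to clusters/tazlab-k8s/proxmox/configs/ carry cluster credentials. The following permission audit is an added example, not part of the tazlab-k8s repository; it assumes these files should be readable by their owner only, and the script name audit-creds.sh is hypothetical.

```shell
#!/bin/sh
# Added example: flag credential files that grant any access to group/other.
# Usage (paths taken from this page, script name is hypothetical):
#   sh audit-creds.sh ~/secrets clusters/tazlab-k8s/proxmox/configs

# Prints "LOOSE <path>" for every regular file under the given directories
# that has any group or other permission bit set.
# Return codes: 0 = all files owner-only, 1 = loose files found,
#               2 = at least one directory does not exist.
audit_credential_perms() {
    rc=0
    for dir in "$@"; do
        if [ ! -d "$dir" ]; then
            echo "MISSING $dir" >&2
            rc=2
            continue
        fi
        # POSIX find: "-perm -NNN" matches when all bits in NNN are set,
        # so OR the six group/other bits together.
        loose=$(find "$dir" -type f \( \
            -perm -040 -o -perm -020 -o -perm -010 -o \
            -perm -004 -o -perm -002 -o -perm -001 \) -print)
        if [ -n "$loose" ]; then
            printf '%s\n' "$loose" | sed 's/^/LOOSE /'
            if [ "$rc" -eq 0 ]; then rc=1; fi
        fi
    done
    return "$rc"
}

# Run the audit only when directories are passed on the command line.
if [ "$#" -gt 0 ]; then
    audit_credential_perms "$@"
fi
```

A non-zero exit code makes the check usable as a gate after the Terragrunt run, before the generated kubeconfig is copied anywhere else.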

Relationships

Source Basis

  • clusters/tazlab-k8s/live/env.hcl
  • clusters/tazlab-k8s/live/terragrunt.hcl
  • clusters/tazlab-k8s/live/secrets/terragrunt.hcl
  • clusters/tazlab-k8s/live/platform/terragrunt.hcl
  • clusters/tazlab-k8s/modules/secrets-fetcher/main.tf
  • clusters/tazlab-k8s/modules/proxmox-talos/main.tf