Ephemeral Castle Terragrunt Layers
TazLab uses Terragrunt to manage infrastructure complexity through a layered, dependency-aware execution model.
Global Configuration (env.hcl)
All layers source their variables from clusters/tazlab-k8s/live/env.hcl.
| Variable | Current Value | Purpose |
|---|---|---|
| cluster_name | tazlab-k8s | VM prefix and context name |
| base_domain | tazlab.net | Cluster DNS domain |
| acme_email | admin@tazlab.net | Let’s Encrypt contact |
| vip_address | 192.168.1.210 | K8s API VIP |
| metallb_ip_range | 192.168.1.240-192.168.1.250 | MetalLB pool |
| proxmox_endpoint | https://192.168.1.200:8006 | Proxmox API |
| gateway | 192.168.1.1 | Network gateway |
| talos_version | v1.12.0 | Talos OS version |
| git_repository_url | https://github.com/tazzo/tazlab-k8s | Flux Git repo |
| flux_branch | master | Flux branch |
| infisical_folder_path | /ephemeral-castle/tazlab-k8s/proxmox | Secret source path |
| control_plane_nodes | { "01" = "192.168.1.211" } | CP node IPs |
| worker_nodes | { "01" = "192.168.1.214" } | Worker node IPs |
The Bootstrap Chain
Phase 1: Sequential Foundation
- secrets/: Fetches the Proxmox token and Talos secretbox key.
- platform/: Creates the VMs (1 CP, 1 Worker) and bootstraps the Talos cluster.
- engine/: Installs ESO. This layer is critical for subsequent secret delivery.
Phase 2: Parallel Acceleration
Once Phase 1 is done, create.sh launches these simultaneously:
- networking/: MetalLB setup.
- gitops/: Flux bootstrap.
- storage/: Longhorn setup.
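The two-phase ordering above, sketched in POSIX sh as an added example (this is not TazLab's create.sh): Phase 1 stops at the first failed layer, and Phase 2 waits on each background job by PID so a failed parallel layer cannot pass unnoticed. It assumes the layer directories sit directly under `clusters/tazlab-k8s/live` and are applied with `terragrunt apply -auto-approve`; `LIVE_DIR`, `LAYER_CMD` and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: the two-phase ordering as a fail-closed POSIX sh sketch.
# Not TazLab's create.sh. LIVE_DIR and LAYER_CMD are assumptions; the
# layer names and their order come from the page.
LIVE_DIR="${LIVE_DIR:-clusters/tazlab-k8s/live}"
LAYER_CMD="${LAYER_CMD:-terragrunt apply -auto-approve}"

apply_layer() {
  # Subshell keeps the cd from leaking into the caller.
  ( cd "$LIVE_DIR/$1" && $LAYER_CMD )
}

phase1() {
  # Strict order as the page lists it; engine (ESO) must succeed
  # before later layers rely on secret delivery.
  for layer in secrets platform engine; do
    apply_layer "$layer" || { echo "phase 1 failed at $layer" >&2; return 1; }
  done
}

phase2() {
  jobs_list="" failed=0
  for layer in networking gitops storage; do
    apply_layer "$layer" &
    jobs_list="$jobs_list $!:$layer"
  done
  # A bare `wait` returns 0 even when a job failed, so wait per PID
  # and keep going so every failed layer is reported.
  for job in $jobs_list; do
    wait "${job%%:*}" || { echo "phase 2 failed: ${job#*:}" >&2; failed=1; }
  done
  return "$failed"
}

bootstrap() {
  # Phase 2 never starts on a partially built foundation.
  phase1 && phase2
}

# Only apply when invoked with "run" as the first argument.
if [ "${1:-}" = "run" ]; then bootstrap; fi
```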
Dry Configuration (DRY)
Each layer directory contains only a terragrunt.hcl file. It uses find_in_parent_folders() to include the root configuration, which automatically generates provider.tf and backend.tf (local state in live/states/).
See Also
- Cycle: Rebirth Protocol
- Hub: Ephemeral Castle Hub