Ephemeral Castle Terragrunt Layers

TazLab uses Terragrunt to manage infrastructure complexity through a layered, dependency-aware execution model.

Global Configuration (env.hcl)

All layers source their variables from clusters/tazlab-k8s/live/env.hcl.

Variable               Current Value                         Purpose
---------------------  ------------------------------------  ---------------------------
cluster_name           tazlab-k8s                            VM prefix and context name
base_domain            tazlab.net                            Cluster DNS domain
acme_email             admin@tazlab.net                      Let’s Encrypt contact
vip_address            192.168.1.210                         K8s API VIP
metallb_ip_range       192.168.1.240-192.168.1.250           MetalLB pool
proxmox_endpoint       https://192.168.1.200:8006            Proxmox API
gateway                192.168.1.1                           Network gateway
talos_version          v1.12.0                               Talos OS version
git_repository_url     https://github.com/tazzo/tazlab-k8s   Flux Git repo
flux_branch            master                                Flux branch
infisical_folder_path  /ephemeral-castle/tazlab-k8s/proxmox  Secret source path
control_plane_nodes    { "01" = "192.168.1.211" }            CP node IPs
worker_nodes           { "01" = "192.168.1.214" }            Worker node IPs

The Bootstrap Chain

Phase 1: Sequential Foundation

  1. secrets/: Fetches the Proxmox token and Talos secretbox key.
  2. platform/: Creates the VMs (1 CP, 1 Worker) and bootstraps the Talos cluster.
  3. engine/: Installs ESO. This layer is critical for subsequent secret delivery.

Phase 2: Parallel Acceleration

Once Phase 1 is done, create.sh launches these simultaneously:

  • networking/: MetalLB setup.
  • gitops/: Flux bootstrap.
  • storage/: Longhorn setup.
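
The two phases above, sketched as an added shell example (not TazLab's create.sh): Phase 1 stops at the first failed layer, and Phase 2 waits on each background job so a failed layer is not masked. LIVE_DIR, APPLY_CMD, RUN_BOOTSTRAP and the function names are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example, not TazLab's create.sh. LIVE_DIR, APPLY_CMD and the function
# names are assumptions made for this sketch.
LIVE_DIR="${LIVE_DIR:-clusters/tazlab-k8s/live}"
FAILED_LAYERS=""

# Apply one layer. Set APPLY_CMD to a command or function name to rehearse the
# ordering without touching real infrastructure.
apply_layer() {
    if [ -n "${APPLY_CMD:-}" ]; then
        "$APPLY_CMD" "$1"
    else
        (cd "$LIVE_DIR/$1" && terragrunt apply -auto-approve)
    fi
}

# Phase 1: strictly ordered. Stop at the first failure so later layers never
# run against a cluster that has no secrets, no nodes or no ESO.
phase1() {
    for layer in secrets platform engine; do
        apply_layer "$layer" || { FAILED_LAYERS=" $layer"; return 1; }
    done
}

# Phase 2: run in parallel, then wait on each PID individually. A bare `wait`
# with no operands returns 0 even when a background job failed.
phase2() {
    jobs_started=""
    for layer in networking gitops storage; do
        apply_layer "$layer" &
        jobs_started="$jobs_started $layer:$!"
    done
    for job in $jobs_started; do
        wait "${job#*:}" || FAILED_LAYERS="$FAILED_LAYERS ${job%%:*}"
    done
    [ -z "$FAILED_LAYERS" ]
}

bootstrap() {
    FAILED_LAYERS=""
    phase1 && phase2 && return 0
    echo "bootstrap failed in:$FAILED_LAYERS" >&2
    return 1
}

# Run only when asked to, e.g.: RUN_BOOTSTRAP=1 sh bootstrap.sh
if [ "${RUN_BOOTSTRAP:-0}" = 1 ]; then bootstrap; fi
```
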

Dry Configuration (DRY)

Each layer directory contains only a terragrunt.hcl file. It uses find_in_parent_folders() to include the root configuration, which automatically generates provider.tf and backend.tf (local state in live/states/).
