Wow, as I typed this out, it became a much longer answer than I expected.
Summary:
Yes they all happen at the same time. In some contexts you may be able to do with fewer layers, but generally speaking, each layer is addressing a different threat model -- either the information you're protecting or the attacker you're protecting it from are different at each layer.
Are they all used at the same time?
Yes.
Each layer is completely unaware of the existence of the other layers. For example, from the perspective of the software computing the TLS layer, it does its encryption and bundles that ciphertext into TCP packets which it hands to the network drivers. What the network drivers do with those packets is not its concern. From the perspective of the VPN driver (which, let's squint a bit and pretend is prat of the network driver), it is given TCP packets that it has to transport. What is inside those TCP packets is not its concern, so to be safe it encrypts them again.
If encryption and decryption is happening multiple times is it safe to remove all but one of the above?
Maybe yes, maybe no. The answer to that will come down to your threat model. (If you've never done threat modelling before, I quite like the Electronic Frontier Foundation's beginner threat model: what are you protecting and who are you protecting it from.)
WPA2 is part of a wifi connection. It protects data between your device and the access point. If the attacker happens to be between your device and the access point, then you are getting value out of WPA2 protection. If the attacker is on the other side of the access point (say wired to the router) then the WPA2 protection will already have been removed and the plaintext packets forwarded on.
IPsec takes place between your device and a VPN server so that your machine "feels like" its on the local LAN of the VPN server. The typical use of this is to connect your work-from-home computer to an internal corporate network. If the attacker happens to be between your device and the VPN server, then you are getting value out of VPN protection. If the attacker is on the other side of the VPN server (say on the corporate LAN) then the VPN protection will already have been removed and the plaintext packets forwarded on.
TLS takes place between your device and an application server so that you can communicate privately with the app server. If the attacker happens to be between your device and the app server, then you are getting value out of TLS protection. If the attacker is on the other side of the app server (say on the backend network of the service you are using) then the TLS protection will already have been removed and the plaintext packets forwarded on.
PGP takes place between your device and the device of the person you are sending mail to. This is really end-to-end encryption since none of the intermediate servers get to see the plaintext. You can even safe the email to disk in encrypted form!
So the answer here is "It depends where in the network you are worried about the attacker being".
Another thing to consider is that each layer has "metadata" that it cannot fully protect. For example a PGP message needs to include the TO: email address of the recipient. You can't encrypt that with PGP or else the mail server won't know who to deliver it to. So in that case maybe it makes sense to do
pgp_metadata = recipient=my.friend@email.com
pgp_ciphertext = encrypt(recipient=your friend, content="Hey Fred! ...")
Then wrap that in TLS encryption for the email server
tls_metadata = recipient=corp email server
tls_ciphertext = encrypt(recipient=corp email server, content={pgp_metadata, pgp_ciphertext}
Now, maybe that email server is internal to your company and you don't want the world to know that you are sending email, so you wrap that in the VPN:
vpn_metadata = recipient=corp vpn server
vpn_ciphertext = encrypt(recipient=corp vpn server, content={tls_metadata, tls_ciphertext}
Now, maybe you're in a coffee shop you don't want other people on the coffee shop wifi to see that you're using a corporate VPN, so you wrap that in WPA2 encryption:
wpa2_metadata = recipient=wifi access point
wpa2_ciphertext = encrypt(recipient=wifi access point, content={tls_metadata, tls_ciphertext}
Summary, yes they all happen at the same time. In some contexts you may be able to remove one, for example if the TLS server and the VPN server are the same machine (often happens when you have a big fancy load balancer at the outside of a corp network that is both a TLS and VPN server). Or if you don't care about leaking who the recipient is. But generally speaking, each layer is addressing a different threat model -- either the information you're protecting or the attacker you're protecting it from are different at each layer.