Organizations
An organization is the top-level container for all your Teabar resources. Organizations group seminars, environments, team members, and consolidate billing.
Organization Hierarchy
┌─────────────────────────────────────────────────────────────────────┐
│ Organization │
│ "acme-training" │
│ │
│ ┌────────────────────────────────────────────────────────────────┐ │
│ │ Seminars │ │
│ │ ┌─────────────────┐ ┌─────────────────┐ ┌────────────────┐ │ │
│ │ │ Kubernetes 101 │ │ GitOps Workshop │ │ Linux Basics │ │ │
│ │ │ │ │ │ │ │ │ │
│ │ │ ┌───────────┐ │ │ ┌───────────┐ │ │ ┌───────────┐ │ │ │
│ │ │ │ Session 1 │ │ │ │ Session 1 │ │ │ │ Session 1 │ │ │ │
│ │ │ │ Session 2 │ │ │ └───────────┘ │ │ │ Session 2 │ │ │ │
│ │ │ │ Session 3 │ │ │ │ │ └───────────┘ │ │ │
│ │ │ └───────────┘ │ │ │ │ │ │ │
│ │ └─────────────────┘ └─────────────────┘ └────────────────┘ │ │
│ └────────────────────────────────────────────────────────────────┘ │
│ │
│ ┌────────────────────────────────────────────────────────────────┐ │
│ │ Standalone Environments │ │
│ │ ┌─────────┐ ┌─────────┐ ┌─────────┐ │ │
│ │ │ dev-lab │ │ sandbox │ │ demo-01 │ ... │ │
│ │ └─────────┘ └─────────┘ └─────────┘ │ │
│ └────────────────────────────────────────────────────────────────┘ │
│ │
│ ┌────────────────────────────────────────────────────────────────┐ │
│ │ Blueprints │ │
│ │ kubernetes-basic, webapp-stack, gitops-demo, ... │ │
│ └────────────────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────────────┘Key Concepts
| Resource | Purpose | Lifetime |
|---|---|---|
| Seminars | Group related training sessions | Ongoing |
| Sessions | Time-bound training events | Hours to days |
| Standalone Environments | Persistent labs, demos, testing | Until destroyed |
| Blueprints | Infrastructure templates | Reusable |
Creating an Organization
# Create a new organization
teactl org create acme-training
# Create with display name
teactl org create acme-training --display-name "Acme Training Inc."
# Set as default organization
teactl org create acme-training --set-defaultManaging Organizations
# List your organizations
teactl org list
# Switch active organization
teactl org use acme-training
# View organization details
teactl org info acme-training
# Update organization settings
teactl org update acme-training --display-name "Acme Training Corp."Multi-Organization Membership
Users can belong to multiple organizations:
# List organizations you belong to
teactl org list
# Output:
# NAME ROLE DEFAULT
# acme-training owner *
# partner-corp member
# client-org admin
# Switch context
teactl org use partner-corpNote
Your default organization is used when you don't specify
--org in commands.Organization Roles
Members have different roles within an organization:
| Role | Description | Permissions |
|---|---|---|
owner | Full control | All permissions, can delete org |
admin | Administrative access | Manage members, seminars, billing |
instructor | Training delivery | Create/manage sessions, view participants |
member | Standard access | Create standalone environments |
viewer | Read-only access | View resources, no changes |
Managing Members
# Invite a new member
teactl org member add [email protected] --role instructor
# Change member role
teactl org member update [email protected] --role admin
# Remove a member
teactl org member remove [email protected]
# List all members
teactl org member listTeams
Teams let you group members for easier permission management:
# Create a team
teactl team create trainers --org acme-training
# Add members to team
teactl team member add trainers [email protected]
# Grant team access to seminar
teactl seminar grant kubernetes-101 --team trainers --role instructorTeam Permissions
# Grant team access to environments
teactl env grant dev-lab --team platform-team --role admin
# Grant team access to seminar
teactl seminar grant kubernetes-101 --team trainers --role instructor
# Revoke access
teactl env revoke dev-lab --team platform-teamCloud Provider Configuration
Configure cloud providers at the organization level:
# Add Hetzner credentials
teactl org provider add hetzner
--api-token hcloud_...
# Add AWS credentials
teactl org provider add aws
--access-key-id AKIA...
--secret-access-key ...
# Add Azure credentials
teactl org provider add azure
--subscription-id ...
--tenant-id ...
--client-id ...
--client-secret ...
# List configured providers
teactl org provider listWarning
Provider credentials are stored securely and encrypted. Individual users don't need direct access to these credentials.
Bring Your Own Kubernetes
Connect existing Kubernetes clusters:
# Add existing cluster
teactl org provider add byok
--name my-cluster
--kubeconfig ~/.kube/config
--context productionQuotas and Limits
Control resource usage across the organization:
# Set environment limit
teactl org quota set --max-environments 100
# Set concurrent session limit
teactl org quota set --max-concurrent-sessions 10
# Set cost limit (monthly)
teactl org quota set --max-monthly-cost 5000
# View current usage
teactl org quota status
# Output:
# Quota Usage:
# Environments: 34/100
# Concurrent Sessions: 2/10
# Monthly Cost: $1,234 / $5,000Billing
Organization billing consolidates all costs:
# View current month's costs
teactl org billing summary
# View detailed breakdown
teactl org billing details --month 2024-06
# Export billing data
teactl org billing export --format csv --output billing.csvCost Breakdown
# View costs by seminar
teactl org billing summary --group-by seminar
# View costs by team
teactl org billing summary --group-by team
# View infrastructure costs
teactl org billing summary --group-by providerPricing Tiers
| Tier | Best For | Features |
|---|---|---|
| Free | Evaluation | Limited environments, community support |
| Pro | Teams | Increased quotas, priority support |
| Enterprise | Large orgs | Self-hosted, SSO, unlimited quotas |
API Keys
Create API keys for automation:
# Create an API key
teactl org apikey create ci-automation --role member
# Create with expiration
teactl org apikey create temp-key --role viewer --expires 30d
# List API keys
teactl org apikey list
# Revoke an API key
teactl org apikey revoke ci-automationWarning
API keys inherit the permissions of their assigned role. Follow the principle of least privilege.
Deleting an Organization
# Delete organization (requires confirmation)
teactl org delete acme-training
# All resources must be cleaned up first
teactl seminar list --org acme-training
teactl env list --org acme-trainingWarning
Deleting an organization is permanent. All seminars, sessions, environments, and historical data will be deleted.
Best Practices
- Use descriptive names: Organization slugs should be clear (e.g.,
acme-training, notorg1) - Assign appropriate roles: Instructors don’t need admin access
- Set quotas early: Prevent unexpected costs
- Configure providers once: Team members inherit access
- Regular audits: Review member access periodically