Infrastructure
Teabar provisions real infrastructure for your environments. Unlike container-based sandboxes, Teabar creates actual virtual machines, Kubernetes clusters, networks, and storage on cloud providers, giving participants production-like environments.
How Infrastructure Provisioning Works
When you launch an environment, Teabar:
- Parses the blueprint to identify required resources (VMs, clusters, networks)
- Generates Terraform configuration for the target cloud provider
- Provisions resources via the provider’s API
- Configures networking for isolation and access
- Bootstraps services defined in the blueprint
- Exposes access through the Teabar gateway
The entire process typically completes in 2-10 minutes depending on complexity.
Blueprint                   Terraform                       Cloud Provider
│                           │                               │
│  resources:               │  resource "hcloud_server"     │
│    - type: vm             │    name = "env-participant"   │
│      provider: hetzner ───┼──► server_type = "cx21"    ───┼──► VM Created
│      size: cx21           │    image = "ubuntu-22.04"     │
│                           │                               │
Supported Providers
Hetzner Cloud
AWS
Azure
Provider Comparison
| Feature | Hetzner | AWS | Azure |
|---|---|---|---|
| Pricing | Lowest | Highest | High |
| Provisioning Speed | ~2 min | ~3-5 min | ~3-5 min |
| Locations | EU, US | Global | Global |
| Kubernetes | Talos, K3s | EKS | AKS |
| Compliance | Basic | SOC2, HIPAA, etc. | SOC2, HIPAA, etc. |
| Best For | Cost-effective labs | Enterprise, compliance | Microsoft ecosystems |
Resource Types
Teabar can provision these infrastructure resources:
Compute
| Resource | Description | Providers |
|---|---|---|
| Virtual Machines | Standalone VMs for participants | All |
| Kubernetes Clusters | Full K8s clusters with control plane | All |
| Kubernetes Workers | Additional worker nodes | All |
Networking
| Resource | Description | Providers |
|---|---|---|
| Private Networks | Isolated VPC/VNet per environment | All |
| Subnets | Network segmentation | All |
| Load Balancers | L4/L7 traffic distribution | All |
| Firewalls | Network security rules | All |
| Floating IPs | Static public IP addresses | Hetzner |
Storage
| Resource | Description | Providers |
|---|---|---|
| Block Volumes | Persistent block storage | All |
| Volume Attachments | Connect volumes to VMs | All |
DNS
| Resource | Description | Providers |
|---|---|---|
| DNS Zones | Managed DNS zones | All |
| DNS Records | A, CNAME, TXT records | All |
Kubernetes Support
Teabar supports multiple Kubernetes distributions:
| Distribution | Type | Use Case |
|---|---|---|
| Talos | Self-managed | Secure, immutable, API-driven (recommended) |
| K3s | Self-managed | Lightweight, fast bootstrap |
| EKS | Managed (AWS) | Production-grade, AWS integration |
| AKS | Managed (Azure) | Production-grade, Azure integration |
Networking Architecture
Each environment gets isolated networking:
┌─────────────────────────────────────────────────────────┐
│                   Environment Network                   │
│                       10.0.0.0/16                       │
│                                                         │
│  ┌─────────────────┐  ┌─────────────────────────────┐   │
│  │  Control Plane  │  │     Participant Subnet      │   │
│  │   10.0.1.0/24   │  │        10.0.10.0/24         │   │
│  │                 │  │                             │   │
│  │  ┌───────────┐  │  │   ┌─────┐ ┌─────┐ ┌─────┐   │   │
│  │  │  K8s API  │  │  │   │ P1  │ │ P2  │ │ P3  │   │   │
│  │  └───────────┘  │  │   └─────┘ └─────┘ └─────┘   │   │
│  └─────────────────┘  └─────────────────────────────┘   │
│                                                         │
│                    ┌─────────────┐                      │
│                    │  Firewall   │                      │
│                    └──────┬──────┘                      │
└───────────────────────────┼─────────────────────────────┘
                            │
                            ▼
                        Internet
Performance Targets
| Operation | Target Time |
|---|---|
| Single VM | ~2 minutes |
| Private Network | ~30 seconds |
| 3-node K8s cluster | ~5 minutes |
| Full environment (10 VMs) | ~10 minutes |
Cost Tracking
Teabar tracks infrastructure costs in real time:
- Per-resource tracking - Know exactly what each VM, volume, or load balancer costs
- Per-environment aggregation - See total cost for each environment
- Organization rollups - Track spending across all environments
- Automatic cleanup - Prevent runaway costs with expiration and sleep policies
# View environment cost
teactl env get my-workshop --show-cost
# View organization spending
teactl org usage --period month
Security
Network Isolation
Every environment runs in its own isolated network:
- No cross-environment traffic - Environments cannot communicate with each other
- Default-deny firewalls - Only explicitly allowed traffic is permitted
- Egress controls - Optional internet access restrictions
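An added example (not Teabar's code or its generated configuration) that checks the isolation properties listed above against a rule set: subnets stay inside the environment network, inbound traffic is default-deny, and no rule admits every source outside an allowlist. The rule fields follow Hetzner's `hcloud_firewall` rule shape; the sample rules and `PUBLIC_PORTS` are constructed assumptions.

```python
import ipaddress

# Constructed sample: addressing from the diagram on this page, plus inbound
# allow rules shaped like hcloud_firewall `rule` blocks (values are made up).
ENV_NETWORK = "10.0.0.0/16"
SUBNETS = {"control-plane": "10.0.1.0/24", "participants": "10.0.10.0/24"}
RULES = [
    {"direction": "in", "protocol": "tcp", "port": "443", "source_ips": ["0.0.0.0/0", "::/0"]},
    {"direction": "in", "protocol": "tcp", "port": "6443", "source_ips": ["10.0.10.0/24"]},
    {"direction": "in", "protocol": "tcp", "port": "22", "source_ips": ["0.0.0.0/0"]},
]
PUBLIC_PORTS = {"443"}  # assumption: the only port meant to be reachable from anywhere


def subnet_problems(env_network, subnets):
    """Every subnet must sit inside the environment network and overlap no other."""
    env = ipaddress.ip_network(env_network)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    problems = [f"{n} outside {env}" for n, net in nets.items() if not net.subnet_of(env)]
    names = sorted(nets)
    problems += [f"{a} overlaps {b}" for i, a in enumerate(names)
                 for b in names[i + 1:] if nets[a].overlaps(nets[b])]
    return problems


def port_matches(spec, port):
    """Port spec is "any", a single port ("443") or a range ("80-85")."""
    if spec == "any":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def is_allowed(rules, src_ip, protocol, port):
    """Default-deny: inbound traffic passes only when an explicit rule matches."""
    src = ipaddress.ip_address(src_ip)
    return any(
        r["direction"] == "in" and r["protocol"] == protocol
        and port_matches(r["port"], port)
        and any(src in ipaddress.ip_network(c) for c in r["source_ips"])
        for r in rules)


def world_open(rules, public_ports):
    """Ports of inbound rules that admit any source but are not on the allowlist."""
    return [r["port"] for r in rules
            if r["direction"] == "in" and r["port"] not in public_ports
            and any(ipaddress.ip_network(c).prefixlen == 0 for c in r["source_ips"])]
```

With the sample data, `world_open(RULES, PUBLIC_PORTS)` reports the SSH rule, the kind of finding to resolve before an environment is handed to participants.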
Resource Labeling
All provisioned resources are tagged for tracking and auditing:
labels = {
  environment  = "env-abc123"
  organization = "acme-corp"
  managed_by   = "teabar"
}
Configuration
Provider Credentials
Configure provider credentials at the organization level:
# Set Hetzner API token
teactl org provider set hetzner --token <HCLOUD_TOKEN>
# Set AWS credentials
teactl org provider set aws \
  --access-key <AWS_ACCESS_KEY_ID> \
  --secret-key <AWS_SECRET_ACCESS_KEY> \
  --region us-east-1
# Set Azure credentials
teactl org provider set azure \
  --subscription <AZURE_SUBSCRIPTION_ID> \
  --tenant <AZURE_TENANT_ID> \
  --client-id <AZURE_CLIENT_ID> \
  --client-secret <AZURE_CLIENT_SECRET>
Default Provider
Set a default provider for your organization:
teactl org provider default hetzner