Cloud Providers

Teabar provisions infrastructure across multiple cloud providers. Each provider offers different tradeoffs in terms of pricing, performance, compliance, and geographic availability.

Supported Providers

Provider Comparison

Pricing

Provider	2 vCPU / 4GB VM	4 vCPU / 16GB VM	Managed K8s
Hetzner	~$0.01/hr	~$0.03/hr	N/A (self-managed)
AWS	~$0.05/hr	~$0.17/hr	$0.10/hr + nodes
Azure	~$0.05/hr	~$0.17/hr	Free + nodes

Tip

Hetzner is typically 3-5x cheaper than hyperscalers for equivalent compute resources.

Locations

Provider	Regions
Hetzner	Germany (Falkenstein, Nuremberg), Finland (Helsinki), US (Ashburn, Hillsboro)
AWS	30+ regions worldwide
Azure	60+ regions worldwide

Provisioning Speed

Provider	Single VM	3-node Cluster	Full Environment
Hetzner	~90 sec	~4 min	~8 min
AWS	~2-3 min	~8 min	~15 min
Azure	~2-3 min	~8 min	~15 min

Kubernetes Options

Provider	Distributions	Managed Service
Hetzner	Talos, K3s, Kubeadm	No
AWS	Talos, K3s, EKS	EKS
Azure	Talos, K3s, AKS	AKS

Compliance & Certifications

Provider	Certifications
Hetzner	ISO 27001, SOC 1
AWS	SOC 1/2/3, ISO 27001, HIPAA, PCI DSS, FedRAMP
Azure	SOC 1/2/3, ISO 27001, HIPAA, PCI DSS, FedRAMP

Choosing a Provider

Use Hetzner When

Cost is a priority - Best price-performance for compute
EU data residency - German and Finnish locations
Training environments - Maximize participants per dollar
Self-managed Kubernetes - Talos or K3s clusters

Use AWS When

Compliance requirements - HIPAA, PCI DSS, FedRAMP
Global presence needed - 30+ regions worldwide
AWS service integration - Using RDS, S3, Lambda, etc.
Managed Kubernetes - EKS with AWS integrations

Use Azure When

Microsoft ecosystem - Active Directory, Office 365 integration
Azure service integration - Using Azure SQL, Blob Storage, etc.
Enterprise agreements - Existing Azure commitments
Managed Kubernetes - AKS with Azure integrations

Provider Configuration

Organization-Level Setup

Configure provider credentials for your organization:

# Hetzner Cloud
teactl org provider set hetzner 
  --token <HCLOUD_TOKEN>

# AWS
teactl org provider set aws 
  --access-key <AWS_ACCESS_KEY_ID> 
  --secret-key <AWS_SECRET_ACCESS_KEY> 
  --region us-east-1

# Azure
teactl org provider set azure 
  --subscription <AZURE_SUBSCRIPTION_ID> 
  --tenant <AZURE_TENANT_ID> 
  --client-id <AZURE_CLIENT_ID> 
  --client-secret <AZURE_CLIENT_SECRET>

Default Provider

Set a default provider for new environments:

teactl org provider default hetzner

Multiple Providers

You can configure multiple providers and select per-environment:

# blueprint.yaml
spec:
  infrastructure:
    provider: aws  # Override default provider
    region: us-west-2

Multi-Region Environments

Teabar supports environments that span multiple regions within a single provider. This enables:

Geo-distributed deployments - Resources close to participants worldwide
Disaster recovery - Cross-region redundancy
Compliance - Data residency in specific regions

Multi-Region Configuration

spec:
  infrastructure:
    provider: hetzner
    
    # Primary region
    primaryRegion: fsn1
    
    # Additional regions
    regions:
      - location: nbg1
        role: secondary
      - location: hel1
        role: participant-resources
    
    # Cross-region networking
    networking:
      type: wireguard        # wireguard | vpc-peering
      meshEnabled: true      # Full mesh between regions

Regional Resource Placement

Place specific resources in specific regions:

resources:
  clusters:
    - name: control-plane
      region: fsn1           # Primary region
      
    - name: eu-workers
      region: nbg1           # Germany
      
    - name: us-workers
      region: ash            # US East (Ashburn)

  vms:
    - name: participant-{{ .Index }}
      # Auto-place near participants based on their location
      region: auto

Cross-Region Networking

Same Hetzner Location	Different Locations
Native private network	WireGuard mesh VPN
Low latency (<1ms)	Higher latency (10-100ms)
No additional cost	Minimal overhead

Multi-Region DNS

Teabar automatically configures GeoDNS for multi-region environments:

gitlab.workshop.teabar.dev
├── EU users → fsn1 cluster
├── US users → ash cluster
└── Asia users → nearest available

Note

Multi-region environments have separate cost tracking per region. View regional breakdown with teactl cost --by-region.

Blueprint Provider Selection

Specify the provider in your blueprint:

apiVersion: teabar.dev/v1
kind: Blueprint
metadata:
  name: my-workshop
spec:
  infrastructure:
    provider: hetzner
    location: fsn1

  resources:
    - name: participant-vm
      type: vm
      spec:
        size: cx21
        image: ubuntu-22.04

Or allow the environment creator to choose:

spec:
  parameters:
    - name: provider
      type: string
      default: hetzner
      enum: [hetzner, aws, azure]
      description: Cloud provider

  infrastructure:
    provider: "{{ .Parameters.provider }}"

Resource Mapping

Teabar maps abstract resource definitions to provider-specific resources:

VM Sizes

Teabar Size	Hetzner	AWS	Azure
`small`	cx11 (1 vCPU, 2GB)	t3.micro	B1s
`medium`	cx21 (2 vCPU, 4GB)	t3.small	B2s
`large`	cx31 (2 vCPU, 8GB)	t3.medium	B2ms
`xlarge`	cx41 (4 vCPU, 16GB)	t3.large	B4ms

Or specify provider-native sizes directly:

resources:
  - name: participant-vm
    type: vm
    spec:
      size: cx21  # Hetzner-specific
      # or
      size: t3.medium  # AWS-specific

Images

Teabar Image	Hetzner	AWS	Azure
`ubuntu-22.04`	ubuntu-22.04	ami-xxx	Canonical:…
`debian-12`	debian-12	ami-xxx	Debian:…
`talos`	Custom snapshot	Custom AMI	Custom image

Terraform Backend

Teabar stores Terraform state in PostgreSQL, isolated per environment:

┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐
│   Environment   │     │   Terraform     │     │   PostgreSQL    │
│   Blueprint     │────►│   Generator     │────►│   State Store   │
└─────────────────┘     └─────────────────┘     └─────────────────┘
                               │
                               ▼
                        ┌─────────────────┐
                        │ Cloud Provider  │
                        │      API        │
                        └─────────────────┘

This ensures:

State isolation - Each environment’s state is separate
Locking - Prevents concurrent modifications
Auditability - Full history of infrastructure changes

Next Steps

Hetzner Cloud

Detailed Hetzner configuration and server types.

AWS

AWS configuration, regions, and EKS setup.

Azure

Azure configuration, regions, and AKS setup.

Kubernetes

Kubernetes distribution options.