Self-Hosted Deployment

In this tutorial, you’ll deploy Teabar on your own infrastructure, giving you complete control over your data and the ability to run behind your firewall.

Time to complete: 60-90 minutes

Prerequisites:

Kubernetes cluster (1.25+) or Docker environment
PostgreSQL database (14+)
Redis instance (6+)
Domain name with SSL certificate
Teabar Enterprise license

Deployment Options

Kubernetes

Docker Compose

Quick setup for small teams or evaluation

Single Binary

Minimal footprint for resource-constrained environments

Prerequisites Setup

1. Database Setup

Use a managed PostgreSQL service like AWS RDS, Google Cloud SQL, or Azure Database:

# Example: Create RDS instance via AWS CLI
aws rds create-db-instance 
  --db-instance-identifier teabar-db 
  --db-instance-class db.t3.medium 
  --engine postgres 
  --engine-version 15.4 
  --master-username teabar 
  --master-user-password <secure-password> 
  --allocated-storage 100

# Note the endpoint for later
aws rds describe-db-instances 
  --db-instance-identifier teabar-db 
  --query 'DBInstances[0].Endpoint.Address'

2. Redis Setup

# Example: Create ElastiCache Redis cluster
aws elasticache create-cache-cluster 
  --cache-cluster-id teabar-redis 
  --cache-node-type cache.t3.medium 
  --engine redis 
  --engine-version 7.0 
  --num-cache-nodes 1

3. SSL Certificate

Obtain an SSL certificate for your domain:

# Using Let's Encrypt with certbot
certbot certonly --standalone -d teabar.yourdomain.com

# Or use your organization's certificate authority

Kubernetes Deployment

1. Create Namespace and Secrets

# Create namespace
kubectl create namespace teabar

# Create secrets
kubectl create secret generic teabar-secrets 
  --namespace teabar 
  --from-literal=database-url="postgres://teabar:[email protected]:5432/teabar" 
  --from-literal=redis-url="redis://:[email protected]:6379" 
  --from-literal=license-key="your-enterprise-license-key" 
  --from-literal=encryption-key="$(openssl rand -hex 32)"

# Create TLS secret
kubectl create secret tls teabar-tls 
  --namespace teabar 
  --cert=/path/to/cert.pem 
  --key=/path/to/key.pem

2. Deploy with Helm

# Add Teabar Helm repository
helm repo add teabar https://charts.teabar.dev
helm repo update

# Install Teabar
helm install teabar teabar/teabar 
  --namespace teabar 
  --values values.yaml

Create values.yaml:

# values.yaml
global:
  domain: teabar.yourdomain.com

api:
  replicas: 3
  resources:
    requests:
      cpu: 500m
      memory: 1Gi
    limits:
      cpu: 2
      memory: 4Gi

controller:
  replicas: 2
  resources:
    requests:
      cpu: 500m
      memory: 512Mi
    limits:
      cpu: 1
      memory: 2Gi

web:
  replicas: 2
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
    limits:
      cpu: 500m
      memory: 512Mi

database:
  external: true
  secretName: teabar-secrets
  secretKey: database-url

redis:
  external: true
  secretName: teabar-secrets
  secretKey: redis-url

ingress:
  enabled: true
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
  hosts:
    - host: teabar.yourdomain.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: teabar-tls
      hosts:
        - teabar.yourdomain.com

# Authentication
auth:
  # OIDC configuration
  oidc:
    enabled: true
    issuerUrl: https://your-idp.com
    clientId: teabar
    clientSecret:
      secretName: teabar-secrets
      secretKey: oidc-client-secret
  
  # Or use SAML
  saml:
    enabled: false

# Storage backend for environment data
storage:
  type: s3
  s3:
    bucket: teabar-data
    region: us-west-2
    # Use IAM role or provide credentials
    useIRSA: true

# Monitoring
monitoring:
  prometheus:
    enabled: true
    serviceMonitor: true
  
  grafana:
    enabled: true
    dashboards: true

3. Verify Deployment

# Check pods
kubectl get pods -n teabar

# Check services
kubectl get svc -n teabar

# View logs
kubectl logs -n teabar -l app=teabar-api

# Test connectivity
curl https://teabar.yourdomain.com/health

Docker Compose Deployment

For smaller deployments or evaluation:

# docker-compose.yml
version: '3.8'

services:
  api:
    image: teabar/api:latest
    environment:
      DATABASE_URL: postgres://teabar:${POSTGRES_PASSWORD}@postgres:5432/teabar
      REDIS_URL: redis://:${REDIS_PASSWORD}@redis:6379
      LICENSE_KEY: ${TEABAR_LICENSE_KEY}
      ENCRYPTION_KEY: ${ENCRYPTION_KEY}
      BASE_URL: https://teabar.yourdomain.com
    ports:
      - "8080:8080"
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    restart: unless-stopped

  controller:
    image: teabar/controller:latest
    environment:
      DATABASE_URL: postgres://teabar:${POSTGRES_PASSWORD}@postgres:5432/teabar
      REDIS_URL: redis://:${REDIS_PASSWORD}@redis:6379
      DOCKER_HOST: unix:///var/run/docker.sock
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    depends_on:
      - api
    restart: unless-stopped

  web:
    image: teabar/web:latest
    environment:
      API_URL: http://api:8080
    ports:
      - "3000:3000"
    depends_on:
      - api
    restart: unless-stopped

  postgres:
    image: postgres:15
    environment:
      POSTGRES_USER: teabar
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: teabar
    volumes:
      - postgres-data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U teabar"]
      interval: 10s
      timeout: 5s
      retries: 5
    restart: unless-stopped

  redis:
    image: redis:7-alpine
    command: redis-server --requirepass ${REDIS_PASSWORD}
    volumes:
      - redis-data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD}", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
    restart: unless-stopped

  nginx:
    image: nginx:alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
      - ./certs:/etc/nginx/certs
    depends_on:
      - web
      - api
    restart: unless-stopped

volumes:
  postgres-data:
  redis-data:

Create .env file:

POSTGRES_PASSWORD=<secure-password>
REDIS_PASSWORD=<secure-password>
TEABAR_LICENSE_KEY=<your-license-key>
ENCRYPTION_KEY=<32-byte-hex-key>

Start the deployment:

docker-compose up -d

Single Binary Deployment

For minimal deployments:

# Download the binary
curl -LO https://releases.teabar.dev/teabar-server-linux-amd64

# Make executable
chmod +x teabar-server-linux-amd64

# Create config file
cat > config.yaml << EOF
server:
  host: 0.0.0.0
  port: 8080

database:
  url: postgres://teabar:password@localhost:5432/teabar

redis:
  url: redis://localhost:6379

license:
  key: your-license-key

encryption:
  key: your-32-byte-hex-key
EOF

# Run the server
./teabar-server-linux-amd64 --config config.yaml

Post-Installation Setup

1. Create Admin User

# Using CLI
teabar admin create-user 
  --email [email protected] 
  --role admin 
  --password <secure-password>

# Or via API
curl -X POST https://teabar.yourdomain.com/api/v1/setup 
  -H "Content-Type: application/json" 
  -d '{
    "admin_email": "[email protected]",
    "admin_password": "secure-password",
    "organization_name": "Your Company"
  }'

2. Configure Authentication

# Add to Helm values or config
auth:
  oidc:
    enabled: true
    issuerUrl: https://your-idp.com
    clientId: teabar
    clientSecret: your-client-secret
    scopes:
      - openid
      - profile
      - email
    usernameClaim: email
    groupsClaim: groups

3. Configure Container Runtime

# Helm values for Kubernetes-based environments
runtime:
  type: kubernetes
  kubernetes:
    namespace: teabar-envs
    storageClass: standard
    defaultResources:
      cpu: 1
      memory: 2Gi

# Or for Docker-based environments
runtime:
  type: docker
  docker:
    network: teabar-envs
    volumeDriver: local

4. Set Up Backups

backup:
  enabled: true
  schedule: "0 2 * * *"  # Daily at 2 AM
  retention: 30  # Keep 30 days
  storage:
    type: s3
    bucket: teabar-backups
    region: us-west-2

Monitoring and Maintenance

Health Checks

# API health
curl https://teabar.yourdomain.com/health

# Detailed status
curl https://teabar.yourdomain.com/health/detailed

Logs

# Kubernetes
kubectl logs -n teabar -l app=teabar-api -f

# Docker
docker-compose logs -f api

Upgrades

# Kubernetes with Helm
helm repo update
helm upgrade teabar teabar/teabar 
  --namespace teabar 
  --values values.yaml

# Docker Compose
docker-compose pull
docker-compose up -d

Warning

Always backup your database before upgrading. Review release notes for any breaking changes.

Troubleshooting

Common Issues

Issue	Solution
API won’t start	Check database connectivity and migrations
Auth failures	Verify OIDC/SAML configuration
Environments not creating	Check controller logs and container runtime
Slow performance	Review resource allocation and database indexes

Support

For self-hosted support:

Email: [email protected]
Documentation: Self-Hosted Admin Guide
Emergency: Contact your designated support engineer

Summary

You’ve successfully deployed Teabar on your own infrastructure. Your deployment includes:

High-availability API and controller services
Secure authentication with your identity provider
Persistent storage for environments and data
Monitoring and backup systems

Next Steps

Configure SSO with your identity provider
Set up monitoring dashboards
Review security hardening guide
Configure disaster recovery