A Kubernetes alternative in 2026: self-hosted PaaS for Brazilian teams

The technical literature on container orchestration is mostly American. And mostly assumes a set of premises that doesn't hold for Brazil in 2026.

The median American SRE salary hovers around US$150k per year. To the CFO in San Francisco, that's "an expensive person". In São Paulo, at today's exchange rate, it equals three full people. The math comes out differently. So does the conclusion.

US$140 per month of managed platform cost becomes noise to the Mountain View CFO. To the founder in Belo Horizonte, it is one tenth of the salary of the mid-level dev they just hired. The same architectural decision — "let's just pay for the managed thing and move on" — has completely different financial weight on the two sides of the hemisphere.

This post recalibrates the decision for Brazilian reality. It is not a manifesto against Kubernetes. It is a spreadsheet.

The Brazilian budget reality, no detours

Before comparing platforms, it is worth aligning current numbers. The ranges below are Brazilian market medians as of April 2026, considering a remote B2B SaaS team in a metropolitan region.

• Mid-level full-stack dev: R$10k to R$15k CLT (with charges, total cost ~1.8× to the company). PJ in the R$15k to R$20k monthly range.
• Senior full-stack dev: R$18k to R$28k PJ.
• SRE with serious Kubernetes in production: R$25k to R$40k PJ. Rare to find below R$20k — those with Kubernetes on the resume learned fast to charge for what they learned.
• 24×7 on-call: two SREs minimum, or you burn the only one in three months. The math of sustainable on-call doesn't change with country: nobody can be the only pager any longer than that.

Common cloud hosting in Brazil in 2026 follows four main patterns:

• DigitalOcean: no region in Brazil, the closest datacenter is New York. São Paulo latency in the 120 ms range. Pricing in dollars, simple and predictable. Popular for small teams.
• AWS São Paulo (sa-east-1): good latency for Brazilian clients, but pricing 30 to 40% above us-east-1. Fewer services available than American regions.
• Hetzner (Germany): 30 to 50% cheaper than AWS. ~200 ms latency to São Paulo. Good for workloads that are not latency-critical.
• Brazilian provider (Locaweb, UOL Host, KingHost, Magalu Cloud): billing in real, support in Portuguese, national invoice for Brazilian accounting. Per GB and per vCPU pricing usually worse than international cloud, but zero FX exposure.

Above all of that hovers the exchange rate. The dollar in 2026 swings around R$5 with annual volatility of roughly 10%. That means a US$200 per month cost in January can become US$220-equivalent in October without you raising anything. Whoever budgets in real and pays in dollars carries silent FX risk, and that risk is proportional to the size of the bill.

The managed Kubernetes bill for a small Brazilian team

Let's put the most common scenario on the table. B2B startup in São Paulo, 4 devs, first product in production, 50 paying clients, monthly recurring revenue in real.

The "industry standard" choice is EKS in the São Paulo region. The minimum bill:

• EKS cluster: US$73/month.
• Egress gateway (NAT): ~US$40/month.
• Load balancer (ALB): ~US$25/month.
• Egress traffic: variable, conservative US$30/month.
• Total: ~US$170/month = ~R$850/month at R$5/USD.

That is platform alone. The machines where the application runs are extra. On 4 m5.large nodes in the São Paulo region, another ~US$400/month. Realistic total for small production: ~US$570/month = R$2,850/month in infra alone.

And the real cost is still missing: the team. Two junior-mid SREs CLT, R$30k/month each with charges, multiplied by 13 (including vacation and 13th salary): R$780k/year in platform payroll alone. As PJ, two seniors in the same range: R$600k/year.

Conservative year 1 total, platform + payroll: R$650k to R$820k before the first Enterprise client pays.

For reference: 4 full-stack devs at R$15k PJ deliver product for R$780k/year. The "managed Kubernetes + 2 SREs" choice costs almost the same as having the entire product team duplicated. Only delivering platform — not delivering features to the client.

The self-hosted bill in Brazil

Same scenario, different decision. 3 to 4 Linux VPS with Docker, replicated control plane, integrated router, automatic certificates.

• 4 DigitalOcean VPS (4 vCPU, 8 GB RAM each): US$48/month × 4 = US$192/month = R$960/month.
• Hetzner alternative: US$32/month × 4 = US$128/month = R$640/month.
• Magalu Cloud (BR) alternative: R$200/month × 4 = R$800/month, in real, without FX volatility.
• Backup S3 São Paulo region: ~US$15/month = R$75/month.
• Full-stack dev time looking after the platform: 20% of one R$15k PJ person = R$3k/month allocated.

Year 1 total: R$50k to R$72k.

Difference vs. managed Kubernetes scenario: 9 to 13 times less. That delta — somewhere between R$580k and R$770k per year — becomes two additional full-stack devs, or one senior designer, or three months of runway. It is the margin between closing the year in profit and closing in loss.

The honest objection to this math is: "but it'll take work to operate". The answer must be honest too. Yes, it will take some work. The right question is whether the extra work fits in 20% of one team member's time. If the answer is yes — and at the 4-server, 16-container range it usually is — the ROI is direct.

Brazilian hosting in practice: a panorama as of April 2026

Each provider that matters in the Brazilian context has specific trade-offs. Short summary for each.

AWS São Paulo (sa-east-1)

The oldest region on Brazilian soil, active since 2011. Excellent latency for São Paulo clients (1 to 5 ms intra-region, 30 to 50 ms to the South and Center-West). Pricing 30 to 40% above us-east-1 — an m5.large instance that costs US$70/month in Virginia costs US$95/month in São Paulo. Not every AWS service is available: some new products take 6 to 18 months to arrive in sa-east-1.

Good for: Brazilian B2B product with clients demanding data residency in contract, team large enough to absorb AWS complexity, company with revenue predominantly in real.

Watch out for: cross-region data transfer costs (expensive). Whoever replicates database between sa-east-1 and us-east-1 pays dearly for egress.

DigitalOcean

No region in Brazil. Closest datacenter is New York (NYC1, NYC3) or Toronto. Average latency to São Paulo in the 110 to 130 ms range — perceptible in interactive applications, irrelevant for a JSON API with 200 ms of its own processing.

Simple pricing, in USD, predictable. 4 vCPU + 8 GB RAM VPS for US$48/month. No billing surprises — you know on day 1 what you'll spend on day 30.

Good for: small team with tolerable latency (B2B SaaS, dashboards, APIs), startup prioritizing billing simplicity, personal project that becomes a product.

Watch out for: user-facing applications where 120 ms extra latency costs conversion (e-commerce, games, video chat). FX: everything in dollars.

Hetzner (Germany, Finland)

European provider with the best price-performance ratio on the market in 2026. 4 vCPU + 8 GB VPS for ~US$15/month — half the price of DigitalOcean. Dedicated servers for US$50/month with 64 GB of RAM.

Latency to São Paulo in the 200 to 230 ms range. Unfeasible for any synchronous interaction with a Brazilian user — perceptible as slowness. Feasible for background workloads, batch processing, data analysis, staging environments nobody uses in real time.

Good for: non-customer-facing workloads, build infrastructure, secondary database for analytics, archiving.

Watch out for: anything with a human waiting on the other side.

Brazilian providers (Locaweb, UOL Host, KingHost)

Billing in real, Brazilian NF-e, commercial Portuguese support. For Brazilian accounting, simplifies bookkeeping. For a company that needs to demonstrate a national supplier for public audit or public contract, it is a requirement.

Per vCPU and GB pricing tends to be 20 to 50% worse than international cloud. Product offering is also more limited — more emphasis on traditional hosting, less on modern primitives like block storage, snapshot and consistent programmatic API.

Good for: company with contractual obligation for a national supplier, team that values Portuguese support during incidents, public project with Brazilian supplier rules.

Watch out for: APIs and tooling generally less polished. Documentation in Portuguese is an advantage; incomplete Portuguese documentation becomes a trap when the problem is specific.

Emerging national cloud (Magalu Cloud, dloud, similar)

The newest category, maturing throughout 2025 and 2026. Brazilian operators offering VPS, object storage and basic managed services with pricing in real and a datacenter on national soil.

Main draw: LGPD with data explicitly remaining in Brazil, no international transfer to demonstrate at audit. Billing in real eliminates FX exposure.

Maturity still under construction. Service catalog much more limited than AWS São Paulo. Documentation sometimes incomplete. Intra-Brazil latency is good by construction.

Good for: company where LGPD with local data residency is a competitive differentiator, Brazilian public projects, teams wanting zero FX exposure.

Watch out for: catalog immaturity. Missing advanced features that have existed in AWS for five years.

LGPD and self-hosted

The General Data Protection Law (Law 13.709/2018) has been in force since September 2020 and the active enforcement phase by ANPD began in 2022. By 2026 there are already substantial fines applied and initial case law.

LGPD does not require explicit national residency of data. But it requires:

• Adequate treatment of personal data (documented legal basis, clear purpose, justified retention).
• In case of international transfer, contractual safeguards with the receiving entity.
• Capacity to demonstrate internal audit on incident response: who accessed what, when, for what purpose.
• Incident logging and ANPD notification within a reasonable timeframe (current interpretation: 48 to 72 hours for serious incidents).

Self-hosted on a provider with a region in Brazil simplifies three things. First: no international transfer to demonstrate — data never left national soil. Second: the cluster is yours, so the record of who accessed what is internally controllable, without depending on third parties. Third: managed backup within the cluster itself reduces exposure surface with additional vendors.

The HeroCtl Business Edition includes detailed audit that records each administrative action by user, with timestamp and context. In incident response, that record becomes evidence of operational good faith.

LGPD is not a universal argument for self-hosted — global company with revenue in dollars and clients in the US already has to worry about GDPR, with American framework, and contractual safeguards in many directions. For these, complexity already exists. For a Brazilian company serving Brazilian clients, simplifying the legal data topology is a concrete gain.

When managed Kubernetes makes sense for a Brazilian team

Not never. There are scenarios where the math flips.

Company with revenue predominantly in dollars and global clients: the platform's cost in USD is an expense in hard currency, not FX risk. The volatility becomes a natural hedge, not exposure.

International compliance already mapped on Kubernetes: companies in the SOC 2 Type II or ISO 27001 process often have consultants and auditors who know Kubernetes. The path is shorter than presenting an alternative stack to each auditor — even when the alternative stack is technically equivalent or superior.

Platform team with 3 or more dedicated people: the Kubernetes ecosystem rewards operational scale. With 3+ dedicated engineers, you have capacity to extract real value from specialized operators, service mesh, advanced observability. Below that, all of it becomes weight.

Workload above 50 servers: in this range, the colossus's primitives start to pay off. Real multi-tenancy, namespace isolation, cross-cluster federation — things nobody needs at 4 servers, but that matter at 50.

Otherwise: probably overkill for the Brazilian context. The right question is not "is Kubernetes good?" — it is "is Kubernetes good for the size of the problem I have today, and for the next 18 months?". For a pre-Series A Brazilian startup, the honest answer is usually no.

Typical recommended stack for a small Brazilian team

Practical recipe for those starting from scratch or migrating from an expensive platform.

• 3 to 4 Linux VPS with Docker: DigitalOcean, Hetzner or Brazilian provider, depending on the latency and FX trade-off that makes sense. R$500 to R$1,000/month range.
• HeroCtl Community: free, no server limit. Configures the cluster with control plane replicated across 3 or more servers, so loss of any single server doesn't take the cluster down.
• Database: Postgres as a job in the cluster itself for projects where compliance allows it. For cases with strong regulatory requirements, managed RDS São Paulo, connected via VPN or authorized IP.
• Integrated router: automatic Let's Encrypt certificates, ingress without extra operator setup.
• Metrics and logs: internal jobs of the system itself. No Datadog, no external New Relic — these charge in USD at US$15 to US$31 per host per month, which for 4 hosts already exceeds R$600/month in observability alone.
• Backup: weekly rotation to an S3 bucket in São Paulo or CloudFlare R2 (R2 has free egress, which makes a difference for restore).
• DNS: Cloudflare free or Hostinger DNS for the Brazilian case. Both have stable programmatic APIs.

Operational total of this stack in the R$600 to R$1,100/month infra range, plus 10 to 20% of one team member's time. Supports zero to a few hundred thousand requests per day without needing to rethink architecture.

Comparison table adapted to Brazil

Four paths, ten criteria. No column without caveats.

The minimum platform cost line by itself doesn't decide. The line that most often decides is the minimum team to operate — because team costs, on average, 100 times more than platform for the operation size we're discussing.

When NOT to go self-hosted

The thesis of this post is direct, but there are three scenarios where the recommendation flips.

Team of 1 to 2 devs with no time at all to look after a server: in that case, Render, Railway or Heroku are the right answer. You pay in USD, but trade time (which you don't have) for money (which you have enough of to cover at this stage). When the team grows to 4+ devs and the bill becomes uncomfortable, migrating is feasible. For now, focus on the product.

Application whose platform cost is trivial vs. revenue: B2B SaaS with R$200k MRR and platform bill of R$3k/month. Don't optimize prematurely. Use the team's time to build features that increase MRR, not to save 0.5% of revenue on infra.

Compliance that requires a nominally listed and third-party audited supplier: some specific frameworks (government, regulated healthcare) require the supplier to be on a pre-approved list. These lists change slowly. If you need the AWS or Microsoft name in the contract, self-hosted on a generic VPS doesn't qualify. Wait for HeroCtl to reach formal lists or use the stack already listed.

HeroCtl in the Brazilian context specifically

The discussion so far has been about architecture. Worth closing with what HeroCtl does specifically for the Brazilian context.

Permanent free Community plan, no USD license to budget, no subscription, no server or job limit. Runs the entire stack described above — real high availability, router, automatic certificates, metrics, logs.

Runs on any Linux VPS with Docker. Any Brazilian or international provider works. The cluster doesn't know or care if it is on DigitalOcean New York, AWS São Paulo, Hetzner Germany, Magalu Cloud Brazil or mixing providers. The primitive is Linux operating system + Docker, and that runs everywhere.

Portuguese support in Business and Enterprise editions. Product and support team aligned with the Brazilian time zone — your 2pm incident doesn't become "we'll look at it tomorrow morning".

Business and Enterprise pricing published in real, contractually frozen for existing clients. No retroactive increase clause, no mid-flight license change like happened with a competing vendor in 2023. The contract you sign today is the contract that holds.

PT-BR documentation from the start, not as a later translation. Errors, log messages, admin panel, everything in Brazilian Portuguese as a first language.

No mandatory phone-home, no remote kill-switch. Once installed, your cluster works offline indefinitely. Enterprise editions include source code escrow: if the company behind the product ceases operations, the code is delivered to paying clients via a third-party custodian.

Questions we get from Brazilian teams

Is managed Kubernetes in São Paulo good enough for LGPD? Technically yes — the sa-east-1 region keeps data on national soil. Operationally, it depends. Whoever uses managed services (RDS, S3, CloudWatch) needs to configure each one to stay exclusively in sa-east-1, and demonstrate that at audit. Self-hosted on a Brazilian VPS simplifies the demonstration: the entire cluster has one IP address, in a known datacenter, and that's it.

Can I run HeroCtl on a small Brazilian VPS (Hostinger, KingHost, Locaweb)? Yes. The minimum requirement is Linux with Docker and 1 GB of RAM per server (recommended 2 GB+). Works on R$50/month VPS from a Brazilian provider for a test cluster, or for development environment. For sustainable production, 4 GB+ per server is recommended.

How much RAM and CPU does it consume on an R$50/month server? The control plane occupies between 200 and 400 MB of RAM per server. On a 1 GB VPS, ~600 MB remain for workload. On a 2 GB VPS, ~1.6 GB remain. For reference, the control plane of a managed Kubernetes version starts at ~700 MB per master node before any application starts, and rarely runs on a VPS smaller than 4 GB.

Is there Portuguese support? Yes, in Business and Enterprise. Community uses documentation and forum in Portuguese, no response SLA. Business has direct commercial Portuguese support with response SLA. Enterprise adds extended hours and a dedicated channel.

And to scale to 50+ servers in the future? The tested application range is from 1 to 500 servers. Above 500, the Kubernetes ecosystem offers tools we don't have yet. Between 50 and 500, HeroCtl runs comfortably — doesn't require redoing architecture as happens when leaving Coolify single-server for real HA. The migration is continuation, not restart.

What about 24×7 support in Brazilian business hours? Enterprise includes 24×7 support with a real person responding in Portuguese. For a Brazilian team that has an incident at 11pm on a Wednesday, it is the operational equivalent of the support American clients receive in American hours — only for Brasília time zone.

Can I use real to pay? Yes. Business and Enterprise are billed in real, with Brazilian NF-e. No FX exposure, no international card conversion, no IOF on the invoice. Brazilian accounting processes it like any other national supplier.

Closing

The right question for a Brazilian team in 2026 isn't "what's the best orchestrator?". It is "what orchestrator makes sense on my cost spreadsheet, in my time zone, with my team, serving my client, under the law that governs my data?".

The answer varies. For some companies, it is managed Kubernetes in sa-east-1. For others, it is Render or Railway paying in USD while MRR justifies. For most pre-Series A Brazilian startups — budget in real, lean team, Brazilian client — the answer is self-hosted on VPS, with a truly replicated control plane.

For that case, we built HeroCtl. Installation:

curl -sSL https://get.heroctl.com/install.sh | sh

In 5 minutes you have a cluster with 3 servers, replicated control plane, integrated router and automatic Let's Encrypt certificates. From there, it is just submitting applications.

For additional context, read why we built HeroCtl (the story of the gap that none of the three existing alternatives filled) and Kubernetes is overkill: when you don't need it (the general version, not Brazil-specific, of the same argument).

Container orchestration, without ceremony. In real.