Deploy your resources to a control plane

In the previous guide, you created a test for your composition logic. In this guide, you'll create a ProviderConfig and authenticate to your cloud provider to deploy your resources.

Prerequisites

Make sure you've completed the previous guide and have:

• An Upbound account
• The Up CLI installed
• kubectl installed
• Docker Desktop running
• A project with the basic structure (upbound.yaml, apis/, examples/)
• Provider dependencies added
• An XRD generated from your example claim
• An embedded function that defines your composition logic

If you missed any of the previous steps, go to the project foundations guide to get started.

Authenticate with your cloud provider

Your project configuration requires an authentication method.

A ProviderConfig is a custom resource that defines how your control plane authenticates and connects with cloud providers like AWS. It acts as a configuration bridge between your control plane’s managed resources and the cloud provider's API.

Create a secret

First, create a secret with your AWS credentials. To create the secret download your AWS access key ID and secret access key.

In the root of your project, create a new file called aws-credentials.txt and paste your AWS access key ID and secret access key.

[default]
aws_access_key_id = YOUR_ACCESS_KEY_ID
aws_secret_access_key = YOUR_SECRET_ACCESS_KEY

Next, create a new secret to store your credentials in your control plane. The kubectl create secret command puts your AWS login details in the control plane secure storage:

kubectl create secret generic aws-secret \
    -n crossplane-system \
    --from-file=my-aws-secret=./aws-credentials.txt

Create a ProviderConfig

Next, create a new file called provider-config.yaml and paste the configuration below:

upbound-hello-world/provider-config.yaml

apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: default
spec:
  credentials:
    source: Secret
    secretRef:
      namespace: crossplane-system
      name: aws-secret
      key: my-aws-secret

Next, apply your provider configuration:

kubectl apply -f provider-config.yaml

When you create a composition and deploy with the control plane, Upbound uses the ProviderConfig to locate and retrieve the credentials in the secret store.

Create your control plane

Now that you have an authentication method, create your control plane:

up project run

The run command installs your project functions and dependencies to a control plane.

Make sure you’re in your control plane context.

Use the up ctx command to set your kubecontext to your control plane project name:

up ctx

Deploy your resources to your control plane

Now that you have a control plane, use the kubectl apply command in the root of your project to deploy your resources:

kubectl apply --filename examples/storagebucket/example.yaml

Return the resource state with the up CLI.

up alpha get managed -o yaml

Now, you can validate your results through the Upbound Console, and make any changes to test your resources required.

Next steps

You just created an Upbound project from scratch with an embedded function and a resource claim.

Be sure to destroy your resources to avoid cloud costs:

kubectl delete --filename examples/storagebucket/example.yaml

Destroy your control plane:

up ctp delete upbound-ctp