4. Deploy your resources to a control plane
In the previous guide, you created a test for your composition logic. In this
guide, you'll create a ProviderConfig and authenticate to your cloud provider
to deploy your resources.
Prerequisites
Make sure you've completed the previous guide and have:
- An Upbound account
- The Up CLI installed
- kubectl installed
- Docker Desktop running
- A project with the basic structure (
upbound.yaml,apis/,examples/) - Provider dependencies added
- An XRD generated from your example claim
- An embedded function that defines your composition logic
If you missed any of the previous steps, go to the project foundations guide to get started.
Create your control plane
Now that you have your project built, create a new local control plane:
up project run --local
The run command installs your project functions and dependencies to a control plane.
Authenticate with your cloud provider
Your project configuration requires an authentication method.
A ProviderConfig is a custom resource that defines how your control plane
authenticates and connects with cloud providers like AWS. It acts as a
configuration bridge between your control plane's managed resources and the
cloud provider's API.
Create a secret
First, create a secret with your AWS credentials. To create the secret download your AWS access key ID and secret access key.
In the root of your project, create a new file called aws-credentials.txt and
paste your AWS access key ID and secret access key.
Next, create a new secret to store your credentials in your control plane. The
kubectl create secret command puts your AWS login details in the control plane
secure storage:
kubectl create secret generic aws-secret \
-n crossplane-system \
--from-file=my-aws-secret=./aws-credentials.txt
Create a ProviderConfig
Next, create a new file called provider-config.yaml and paste the
configuration below:
apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
name: default
spec:
credentials:
source: Secret
secretRef:
namespace: crossplane-system
name: aws-secret
key: my-aws-secret
Next, apply your provider configuration:
kubectl apply -f provider-config.yaml
When you create a composition and deploy with the control plane, Upbound uses
the ProviderConfig to locate and retrieve the credentials in the secret store.
Deploy your resources to your control plane
Now that you have a control plane, use the kubectl apply command in the root
of your project to deploy your resources:
kubectl apply --filename examples/storagebucket/example.yaml
Return the resource state with the up CLI.
kubectl get storagebuckets.platform.example.com -o yaml
Now, you can validate your results through the Upbound Console, and make any changes to test your resources required.
Clean up
Be sure to destroy your resources to avoid cloud costs:
kubectl delete --filename examples/storagebucket/example.yaml
Destroy your control plane:
up project stop
Next steps
You just created an Upbound project from scratch with an embedded function and a resource claim.
Next, try out an Intelligent Control Plane solution or build your own Internal Developer Platform.
For more information on projects and how to build control planes, checkout the CLI Build manuals.