# Using a Self-Hosted Cloud

A Self-Hosted Cloud enables you to connect any cloud account or on-premise setup to a collection on Bluebricks. It requires installing the [Bluebricks Deployments Controller (BDC)](https://bluebricks.co/docs/security/bluebricks-self-hosted-runner): a Kubernetes operator that orchestrates IaC tasks in your own cluster.

## Prerequisites

* Kubernetes 1.28+
* Helm 3.8+
* `kubectl` configured and pointing at your target cluster
* A [Bluebricks collection](https://bluebricks.co/docs/core-concepts/collections/create-an-environment)

## Step 1: Install BDC in your cluster

Install the Bluebricks Deployments Controller using Helm:

```bash
helm install bdc \
  oci://europe-docker.pkg.dev/bbx-registry-prod/helm/bluebricks-deployments-controller
```

For custom configuration options (resource limits, environment variables, storage), see the [BDC Helm Chart](https://bluebricks.co/docs/security/bluebricks-self-hosted-runner/bdc-helm-chart) reference and the full [Self-Hosted Runner](https://bluebricks.co/docs/security/bluebricks-self-hosted-runner) guide.

## Step 2: Verify the installation

Check that the BDC pods are running:

```bash
kubectl get pods -n bluebricks
```

View the controller logs to confirm it started successfully:

```bash
kubectl logs -f deployment/bluebricks-deployments-controller -n bluebricks
```

## Step 3: Register the cluster

Run the Bluebricks registration script to connect your cluster to the platform:

```bash
/bin/bash -c "$(curl -fsSL https://brickscli.s3.eu-west-1.amazonaws.com/releases/latest/self-hosted-register.sh)"
```

The script will verify your Kubernetes context and guide you through a wizard to collect the necessary details. For more information on how registration and authentication work, see [Registration and Authentication](https://bluebricks.co/docs/security/bluebricks-self-hosted-runner/registration-and-authentication).

## Step 4: Connect in the Bluebricks app

After registration, add the self-hosted cloud account in the Bluebricks app:

1. Click **"Connect Cloud"** on the collection you want to link
2. Select **Self-Hosted** as the **Cloud Provider**
3. Fill in the required fields:

<table><thead><tr><th width="258.52734375">Field</th><th width="108.859375">Required</th><th>Description</th></tr></thead><tbody><tr><td><strong>Name</strong></td><td>Yes</td><td>A display name for this cloud account</td></tr><tr><td><strong>Service account namespace</strong></td><td>Yes</td><td>Kubernetes namespace for the BDC service account (default: <code>bluebricks</code>)</td></tr><tr><td><strong>Service account name</strong></td><td>No</td><td>Name of the BDC service account (default: <code>bluebricks-deployments-controller-sa</code>)</td></tr><tr><td><strong>Cluster name</strong></td><td>Yes</td><td>Name of the target cluster. Find it with: <code>kubectl config current-context</code></td></tr><tr><td><strong>Cluster OIDC URL</strong></td><td>Yes</td><td>The OIDC issuer URL for your cluster. Find it with: <code>kubectl get --raw '/.well-known/openid-configuration' | jq -r .issuer</code></td></tr></tbody></table>

4. Click **"Connect & Create"** to complete the setup

## Managing cloud accounts

{% tabs %}
{% tab title="Bluebricks app" %}
From the collection detail page you can:

1. **View account details**: click the cloud account section to see provider attributes (read-only after creation).
2. **Switch accounts**: click **Edit** on the cloud account section, then select a different account or create a new one.
3. **Disconnect**: expand the disconnect section and confirm to remove the cloud account from the collection. This does not delete the account itself.
   {% endtab %}

{% tab title="CLI" %}

```bash
# List connected cloud accounts
bricks clouds ls

# Include inactive and deleted accounts
bricks clouds ls --all

# Delete a cloud account (not associated with a collection)
bricks clouds delete --slug <slug>
bricks clouds delete --id <id>
```

For the full command reference, see [`bricks clouds ls`](https://bluebricks.co/docs/bricks-cli/cli-reference/bricks_clouds/bricks_clouds_ls) and [`bricks clouds delete`](https://bluebricks.co/docs/bricks-cli/cli-reference/bricks_clouds/bricks_clouds_delete).
{% endtab %}
{% endtabs %}

[Learn more about managing cloud accounts](https://bluebricks.co/docs/core-concepts/collections/managing-collections)

## Next steps

* [Connect your Cloud](https://bluebricks.co/docs/core-concepts/collections/connect-your-cloud): overview of all cloud connection types
* [Bluebricks Self-Hosted Runner](https://bluebricks.co/docs/security/bluebricks-self-hosted-runner): full BDC architecture and configuration
* [CLI Reference: bricks clouds](https://bluebricks.co/docs/bricks-cli/cli-reference/bricks_clouds)
Field	Required	Description
Name	Yes	A display name for this cloud account
Service account namespace	Yes	Kubernetes namespace for the BDC service account (default: `bluebricks`)
Service account name	No	Name of the BDC service account (default: `bluebricks-deployments-controller-sa`)
Cluster name	Yes	Name of the target cluster. Find it with: `kubectl config current-context`
Cluster OIDC URL	Yes	The OIDC issuer URL for your cluster. Find it with: `kubectl get --raw '/.well-known/openid-configuration' \| jq -r .issuer`