An Application Operator (AO) is a member of the development team within the organization of the Platform Administrator (PA). The PA assigns a set of Kubernetes namespaces within a user cluster where the AO deploys and operates code. The AO has full access to a set of Kubernetes namespaces and managed services within a user cluster assigned by a Platform Administrator (PA). An AO interacts with the PA to secure more resources, get policy exemptions, and troubleshoot larger issues.
The PA sets up the necessary permissions so AOs can access their projects and
clusters using the Manage resources page in the
Google Distributed Cloud Hosted (GDCH) console. When the PA finishes the setup of user
clusters and projects, they provide an identity configuration file and a link
for AOs to log into the GDCH console. The AO uses the
identity configuration file to generate a kubeconfig file. For more information about the AO and other GDCH personas, see Personas.
The Develop section describes the features available to the AO on GDCH. At a high level, an AO has access to the following actions in GDCH:
- Control access to resources by managing predefined role descriptions including creating role definitions and service identities.
- Deploy container workloads by managing stateless and stateful workloads and setting up container storage.
- Deploy and manage VMs, including the backup, restore and monitoring of those VMs.
- Handle storage through the creation and management of buckets and object storage.
- Create and manage databases that are compatible with GDCH.
- Use Vertex AI APIs including Optical Character Recognition (OCR) and Translation.
- Access marketplace services that run remotely in the isolated environment.
- Collect and query metrics and logs, and create alerts and policies that send notifications about issues found in your system.
- Use the Key Management System (KMS) to create, use and destroy cryptographic keys.
For more information about GDCH, see the Google Distributed Cloud Hosted overview.