Create a project

Create a project to group your resources together within an organization, providing a lifecycle and policy boundary for your resources.

Before you begin

To get the permissions needed to create a project, ask your Organization IAM Admin to grant you the Project Creator role (project-creator).

Before you create a project, review the information Google Distributed Cloud Hosted (GDCH) uses to identify your project:

  • Project name: A human-readable name for your project.

    The project name isn't used by any GDCH APIs. You can edit the project name at any time during or after project creation. Project names don't need to be unique.

    Projects have the following name requirements:

    • 4 to 30 characters in length.
    • Contains letters, numbers, single quotes, hyphens, spaces, or exclamation points.
  • Project ID: A globally unique identifier for your project.

    A project ID is a unique string used to differentiate your project from all others in GDCH. You can only modify the project ID when you're creating the project.

    Project IDs have the following requirements:

    • 6 to 30 characters in length.
    • Contains lowercase letters, numbers, and hyphens.
    • Starts with a letter.
    • Must not start with the prefix g-, such as g-project.
    • Must not end with a hyphen.
    • Must not end with the string -cluster or -system. The -system suffix is reserved for projects created by GDCH.
    • Must not be in use or previously used; this includes deleted projects.

Don't include sensitive information in your project name, project ID, or other resource names. The project ID is used in the name of many other GDCH resources, and any reference to the project or related resources exposes the project ID and resource name.
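The naming requirements above can be checked locally before you submit a create request. The following is an added example, not part of the GDCH tooling; the function names check_project_id and check_project_name and the sample values are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for the naming rules listed on this page.
# Function names are hypothetical. Uniqueness ("not in use or previously
# used") can only be confirmed by GDCH itself and is not checked here.
LC_ALL=C; export LC_ALL   # make a-z / A-Z ranges mean ASCII only

# Print one line per violated project ID rule; return 0 only if none.
check_project_id() {
    id=$1; rc=0
    bad=$(printf '%s' "$id" | tr -d 'a-z0-9-')
    if [ "${#id}" -lt 6 ] || [ "${#id}" -gt 30 ]; then
        echo "length ${#id} is outside 6-30"; rc=1
    fi
    if [ -n "$bad" ]; then
        echo "disallowed characters: $bad"; rc=1
    fi
    case $id in [a-z]*) ;; *) echo "must start with a lowercase letter"; rc=1 ;; esac
    case $id in g-*) echo "must not start with the prefix g-"; rc=1 ;; esac
    case $id in *-) echo "must not end with a hyphen"; rc=1 ;; esac
    case $id in *-cluster|*-system)
        echo "must not end with -cluster or -system"; rc=1 ;;
    esac
    return "$rc"
}

# Same idea for the human-readable project name.
check_project_name() {
    name=$1; rc=0
    bad=$(printf '%s' "$name" | tr -d "A-Za-z0-9' !-")
    if [ "${#name}" -lt 4 ] || [ "${#name}" -gt 30 ]; then
        echo "length ${#name} is outside 4-30"; rc=1
    fi
    if [ -n "$bad" ]; then
        echo "disallowed characters: $bad"; rc=1
    fi
    return "$rc"
}

# Constructed sample IDs, not real projects.
for candidate in payments-dev g-project billing-system Prod_01 web-; do
    if problems=$(check_project_id "$candidate"); then
        echo "OK      $candidate"
    else
        echo "REJECT  $candidate: $(echo "$problems" | tr '\n' ';')"
    fi
done
```

Because the project ID cannot be changed after creation and is never reusable, rejecting a bad candidate locally avoids permanently consuming an identifier.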

Create a new project

You can create a project to provide logical grouping of service resources. For example, you can create separate projects to hold resources for development, test, and production environments.

To get the permissions that you need to create a project, ask your Organization IAM Admin to grant you the Project Creator role. For more information on granting permissions, see the Assign a role binding to the service identity section.

Console

To create a new project using the GDCH console, complete the following steps:

  1. In the navigation menu, click Projects.
  2. Click Add project.
  3. In the Project name field, enter a project name.
  4. Select the values for Task order and Contract line item number (CLIN). Your Infrastructure Operator (IO) defines these fields during organization creation, and they are required for metering and billing.

    1. Select the applicable task order from the drop-down menu. You cannot select the dependent CLIN until you've chosen the task order.

    2. Select the CLIN that corresponds to the selected task order.

  5. Click Next.

  6. Select the existing clusters to attach to the project. Click Next.

  7. Optional: Configure your project's networking capabilities. Clear the Enable data exfiltration protection checkbox to disable all egress traffic to other projects inside your organization.

  8. Click Next.

  9. In the Review section, review the summary and click Create.

  10. To verify that the new project is available, check that the console displays the message: Project PROJECT_NAME successfully created.

gdcloud

To create a new project using the gdcloud CLI, complete the following steps:

  1. Ensure you have the gdcloud CLI installed. For more information, see the gdcloud CLI Overview page.

  2. You are required to define labels for a task order and contract line item number (CLIN). These labels were defined by your Infrastructure Operator (IO) during organization creation and are required for metering and billing. To print the available values for these labels, run:

    kubectl --kubeconfig=ORG_ADMIN_KUBECONFIG \
        get configmap atat-portfolio -n atat-system -o yaml
    

    The output looks similar to the following:

    apiVersion: v1
    data:
      portfolio: |
        default_clin_number: "0001"
        default_task_order_number: GDCH_INTERNAL
        task_orders:
        - clins:
          - clin_number: "0001"
            pop_end_date: "2200-01-01"
            pop_start_date: "2000-01-01"
          pop_end_date: "2200-01-01"
          pop_start_date: "2000-01-01"
          task_order_number: GDCH_INTERNAL
    kind: ConfigMap
    metadata:
      name: atat-portfolio
      namespace: atat-system
    

    If the default_task_order_number value is GDCH_INTERNAL, note that value and the accompanying default_clin_number value. These must be used in the next step when creating the project. If there are unique values available for the task order, reach out to your IO for more information.

  3. To create a project, run:

    gdcloud projects create PROJECT_ID \
        --task-order TASK_ORDER \
        --clin CLIN
    

    Replace the following:

    • PROJECT_ID: the unique identifier for your new project.
    • TASK_ORDER: the task order number you found in the previous step.
    • CLIN: the four-digit CLIN you found in the previous step.
  4. To verify the new project is available, run:

    gdcloud projects list
    

API

To create a new project using the API directly, complete the following steps:

  1. You are required to define labels for a task order and contract line item number (CLIN). These labels were defined by your Infrastructure Operator (IO) during organization creation and are required for metering and billing. To print the available values for these labels, run:

    kubectl --kubeconfig=ORG_ADMIN_KUBECONFIG \
        get configmap atat-portfolio -n atat-system -o yaml
    

    The output looks similar to the following:

    apiVersion: v1
    data:
      portfolio: |
        default_clin_number: "0001"
        default_task_order_number: GDCH_INTERNAL
        task_orders:
        - clins:
          - clin_number: "0001"
            pop_end_date: "2200-01-01"
            pop_start_date: "2000-01-01"
          pop_end_date: "2200-01-01"
          pop_start_date: "2000-01-01"
          task_order_number: GDCH_INTERNAL
    kind: ConfigMap
    metadata:
      name: atat-portfolio
      namespace: atat-system
    

    If the default_task_order_number value is GDCH_INTERNAL, note that value and the accompanying default_clin_number value. These must be used in the next step when creating the project. If there are unique values available for the task order, reach out to your IO for more information.

  2. Create and apply the Project custom resource:

    kubectl apply -f - <<EOF
    apiVersion: resourcemanager.gdc.goog/v1
    kind: Project
    metadata:
      namespace: platform
      name: PROJECT_ID
      labels:
        atat.config.google.com/task-order-number: TASK_ORDER
        atat.config.google.com/clin-number: CLIN
    EOF
    

    Replace the following:

    • PROJECT_ID: the unique identifier for your new project.
    • TASK_ORDER: the task order number you found in the previous step.
    • CLIN: the four-digit CLIN you found in the previous step.
  3. Verify the new project is available:

    kubectl get namespaces