Google Distributed Cloud (GDC) air-gapped projects form the basis for creating, enabling, and using all GDC services including managing APIs, adding and removing collaborators, and managing permissions for GDC resources.
This page explains how to manage GDC projects using the GDC console, gdcloud CLI, and kubectl CLI.
Before you begin
To get the permissions needed to edit an existing project or view a project's resources, ask your Organization IAM Admin to grant you the Project Editor role (project-editor).
To get the permissions needed to only view a project's resources without the ability to edit the project, ask your Organization IAM Admin to grant you the Project Viewer role (project-viewer).
To use the gdcloud CLI, ensure you have it installed. For more information, see the gdcloud CLI Overview page.
View project details
You can view your project's metadata to review current configurations such as attached clusters, labels, and network settings.
Console
- Open the navigation menu and select Projects.
- Click the project you want to view details for.
gdcloud
To list the metadata for a specific project, run:
gdcloud projects describe PROJECT_ID
Replace PROJECT_ID with the unique identifier for your project.
Check project resources
You can check project resources to monitor the segmentation of resources within an organization. You can also check user and group access policies, which you define per project to provide boundaries between projects.
Check a cluster
To print information about a project's cluster, run:
kubectl describe CLUSTER_NAME -n CLUSTER_NAMESPACE
For more information on adding a user cluster to a project, see Add user cluster to a project.
List role bindings in a project
To list the role bindings in a project, run:
kubectl get rolebindings -n PROJECT_NAMESPACE
For more information on project role bindings, see the Assign a role binding to the service identity documentation.
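An added example, not part of the GDC documentation: a Python review of the role bindings returned by the command above when run with `-o json`. It groups subjects by role and flags service accounts bound from another namespace. The sample data, the namespace names, and the assumption that the project-editor and project-viewer roles appear under those names in roleRef are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get rolebindings -n PROJECT_NAMESPACE -o json`.
# Namespace, binding and subject names are made up for illustration.
SAMPLE = json.dumps({
    "kind": "RoleBindingList",
    "items": [
        {"metadata": {"name": "alice-editor", "namespace": "demo-project"},
         "roleRef": {"kind": "Role", "name": "project-editor"},
         "subjects": [{"kind": "User", "name": "alice@example.com"}]},
        {"metadata": {"name": "auditors-viewer", "namespace": "demo-project"},
         "roleRef": {"kind": "Role", "name": "project-viewer"},
         "subjects": [{"kind": "Group", "name": "auditors"}]},
        {"metadata": {"name": "ci-editor", "namespace": "demo-project"},
         "roleRef": {"kind": "Role", "name": "project-editor"},
         "subjects": [{"kind": "ServiceAccount", "name": "ci-bot",
                       "namespace": "other-project"}]},
        {"metadata": {"name": "empty-binding", "namespace": "demo-project"},
         "roleRef": {"kind": "Role", "name": "project-viewer"}},
    ],
})

def review_rolebindings(raw_json, project_namespace):
    """Return (subjects grouped by role, findings) for one project namespace."""
    by_role, findings = {}, []
    for item in json.loads(raw_json).get("items", []):
        binding = item["metadata"]["name"]
        role = item["roleRef"]["name"]
        subjects = item.get("subjects") or []   # the field is optional
        if not subjects:
            findings.append(f"{binding}: no subjects, grants nothing")
        for s in subjects:
            by_role.setdefault(role, []).append(f'{s["kind"]}:{s["name"]}')
            # Assumption: a service account from another namespace crosses the project boundary.
            sa_ns = s.get("namespace", project_namespace)
            if s["kind"] == "ServiceAccount" and sa_ns != project_namespace:
                findings.append(f"{binding}: ServiceAccount {sa_ns}/{s['name']} "
                                f"from outside {project_namespace} holds {role}")
    return by_role, findings

if __name__ == "__main__":
    roles, notes = review_rolebindings(SAMPLE, "demo-project")
    for role, members in sorted(roles.items()):
        print(role, "->", ", ".join(members))
    for note in notes:
        print("REVIEW:", note)
```
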
Select a project or organization
In the GDC console, you can select a project or organization using the project picker to interact with the service resources nested under that parent resource. For more information on how resources are organized, see the GDC resource hierarchy. For example, a Kubernetes cluster is organization-scoped, whereas a virtual machine (VM) is project-scoped.
The project picker automatically transitions between the most recent parent resource types when the context of the child resource changes. For example, when you access a project-scoped resource while an organization is selected in the project picker, the picker automatically selects the last used project to seamlessly change the resource scope. Likewise, the organization is autoselected when you access organization-scoped resources.
To interact with GDC resources nested in a parent resource, you must first select the organization or project to work in:
- From the dashboard, click the project picker drop-down.
- In the Projects window that appears, select your project or organization.
- Click Open.
Update a project
A subset of your project's configurations can be updated after creation, such as the project name and data exfiltration protection. You can update these configurations as your usage of the project evolves.
For example, you can edit the project's name by completing the following steps:
Console
- Open the navigation menu and select Projects.
- Click the project you want to edit.
- Click Edit next to the Project display name field.
- Provide the updated project name and click Save.
gdcloud
Run the following command:
gdcloud projects update PROJECT_ID --name=PROJECT_NAME
Replace the following variables:
- PROJECT_ID: the unique identifier for your project.
- PROJECT_NAME: the new name for the project.
You can replace the --name parameter with any editable project field. Run gdcloud projects update --help for more options.
View projects in an organization
As an Administrator, you can only view and list projects you have access to with IAM roles. The Organization IAM Admin role can view and list all projects in the organization.
Console
To view all projects in an organization, go to the console's navigation menu and select Projects.
gdcloud
To view all projects you have access to in an organization, run:
gdcloud projects list
You cannot list projects you do not have permission to access.
Move user clusters in project hierarchy
Projects provide logical grouping of service instances. You can add and delete user clusters in the GDC project hierarchy to group your services appropriately.
Add user cluster to a project
When creating a project from the GDC console, you have the option to add user clusters before you initiate project creation. If you must add clusters to an existing project, complete the following steps:
- In the navigation menu, select Projects.
- Click the project from the project list to open the Project details page.
- Select Add clusters.
- Select the available clusters to add from the cluster list. Click Save.
Remove user cluster from a project
To remove user clusters from an existing project, complete the following steps:
- In the navigation menu, select Projects.
- Click the project from the project list to open the Project details page.
- Select the cluster to remove from the cluster list and click Remove clusters.
- In the confirmation prompt, type the cluster name in the text field and click Remove.