Manage projects and their resources

Google Distributed Cloud (GDC) air-gapped projects form the basis for creating, enabling, and using all GDC services including managing APIs, adding and removing collaborators, and managing permissions for GDC resources.

This page explains how to manage GDC projects using the GDC console, gdcloud CLI, and kubectl CLI.

Before you begin

To get the permissions needed to edit an existing project or view a project's resources, ask your Organization IAM Admin to grant you the Project Editor role (project-editor).

To get the permissions needed to only view a project's resources without the ability to edit the project, ask your Organization IAM Admin to grant you the Project Viewer role (project-viewer).

To use the gdcloud CLI, ensure you have it installed. For more information, see the gdcloud CLI Overview page.

View project details

You can view your project's metadata to review current configurations such as labels and network settings.

gdcloud projects describe PROJECT_ID

Check project resources

You can check project resources to monitor the segmentation of resources within an organization. You can also check user and group access policies, which you define per project to provide boundaries between projects.

Check a cluster

To print information about a project's cluster, run:

kubectl describe CLUSTER_NAME -n CLUSTER_NAMESPACE

For more information on attaching projects to a cluster, see Move clusters in project hierarchy.

List role bindings in a project

To list the role bindings in a project, run:

kubectl get rolebindings -n PROJECT_NAMESPACE

For more information on project role bindings, see the Assign a role binding to the service identity documentation.

Select a project or organization

In the GDC console, you can select a project or organization using the project picker to interact with the service resources nested under that parent resource. For more information on how resources are organized, see the GDC resource hierarchy. For example, a Kubernetes cluster is organization-scoped, whereas a virtual machine (VM) is project-scoped.

The project picker automatically transitions between the most recent parent resource types when the context of the child resource changes. For example, when you access a project-scoped resource when you have an organization selected in the project picker, the picker automatically selects the last used project to seamlessly change the resource scope. Likewise, the organization is autoselected when accessing organization-scoped resources.

To interact with GDC resources nested in a parent resource, you must first select the organization or project to work in:

1. From the dashboard, click the project picker drop-down.

   

2. In the Projects window that appears, select your project or organization.

3. Click Open.

Update a project

There are a subset of configurations for your project that can be updated after creation, such as project name and data exfiltration protection. You can update these configurations as your usage of the project evolves.

For example, you can edit the project's name by completing the following steps:

gdcloud projects update PROJECT_ID --name=PROJECT_NAME

View projects in an organization

As an Administrator, you can only view and list projects you have access to with IAM roles. The Organization IAM Admin role can view and list all projects in the organization.

gdcloud projects list