Manage projects and their resources

Google Distributed Cloud (GDC) air-gapped projects form the basis for creating, enabling, and using all GDC services including managing APIs, adding and removing collaborators, and managing permissions for GDC resources.

This page explains how to manage GDC projects using the GDC console, gdcloud CLI, and kubectl CLI.

Before you begin

To get the permissions needed to edit an existing project or view a project's resources, ask your Organization IAM Admin to grant you the Project Editor role (project-editor).

To get the permissions needed to only view a project's resources without the ability to edit the project, ask your Organization IAM Admin to grant you the Project Viewer role (project-viewer).

To use the gdcloud CLI, ensure you have it installed. For more information, see the gdcloud CLI Overview page.

View project details

You can view your project's metadata to review current configurations such as attached clusters, labels, and network settings.

Console

  1. Open the navigation menu and select Projects.

  2. Click the project you want to view details for:

View project details such as project name, attached clusters, and network settings.

gdcloud

To list the metadata for a specific project, run:

gdcloud projects describe PROJECT_ID

Replace PROJECT_ID with the unique identifier for your project.

Check project resources

You can check project resources to monitor the segmentation of resources within an organization. You can also check user and group access policies, which you define per project to provide boundaries between projects.

Check a cluster

To print information about a project's cluster, run:

kubectl describe CLUSTER_NAME -n CLUSTER_NAMESPACE

For more information on adding a user cluster to a project, see Add user cluster to a project.

List role bindings in a project

To list the role bindings in a project, run:

kubectl get rolebindings -n PROJECT_NAMESPACE

For more information on project role bindings, see the Assign a role binding to the service identity documentation.

Select a project or organization

In the GDC console, you can select a project or organization using the project picker to interact with the service resources nested under that parent resource. For more information on how resources are organized, see the GDC resource hierarchy. For example, a Kubernetes cluster is organization-scoped, whereas a virtual machine (VM) is project-scoped.

The project picker automatically transitions between the most recent parent resource types when the context of the child resource changes. For example, when you access a project-scoped resource when you have an organization selected in the project picker, the picker automatically selects the last used project to seamlessly change the resource scope. Likewise, the organization is autoselected when accessing organization-scoped resources.

To interact with GDC resources nested in a parent resource, you must first select the organization or project to work in:

  1. From the dashboard, click the project picker drop-down.

    Select the project or organization to work in from the project picker.

  2. In the Projects window that appears, select your project or organization.

  3. Click Open.

Update a project

There are a subset of configurations for your project that can be updated after creation, such as project name and data exfiltration protection. You can update these configurations as your usage of the project evolves.

For example, you can edit the project's name by completing the following steps:

Console

  1. Open the navigation menu and select Projects.

  2. Click the project you want to edit.

  3. Click edit Edit next to the Project display name field.

  4. Provide the updated project name and click Save.

gdcloud

Run the following command:

gdcloud projects update PROJECT_ID --name=PROJECT_NAME

Replace the following variables:

  • PROJECT_ID: the unique identifier for your project.
  • PROJECT_NAME: the new name for the project.

You can replace the --name parameter with any editable project field. Run gdcloud projects update --help for more options.

View projects in an organization

As an Administrator, you can only view and list projects you have access to with IAM roles. The Organization IAM Admin role can view and list all projects in the organization.

Console

To view all projects in an organization, go to the console's navigation menu and select Projects.

gdcloud

To view all projects you have access to in an organization, run:

gdcloud projects list

You cannot list projects you do not have permission to access.

Move user clusters in project hierarchy

Projects provide logical grouping of service instances. You can add and delete user clusters in the GDC project hierarchy to group your services appropriately.

Add user cluster to a project

When creating a project from the GDC console, you have the option to add user clusters before you initiate project creation. If you must add clusters to an existing project, complete the following steps:

  1. In the navigation menu, select Projects.
  2. Click the project from the project list to open the Project details page.
  3. Select Add clusters.
  4. Select the available clusters to add from the cluster list. Click Save.

Remove user cluster from a project

To remove user clusters from an existing project, complete the following steps:

  1. In the navigation menu, select Projects.
  2. Click the project from the project list to open the Project details page.
  3. Select the cluster to remove from the cluster list and click Remove clusters.

  4. In the confirmation prompt, type the cluster name in the text field and click Remove.