This document explains how to select a Google Distributed Cloud (GDC) air-gapped project and view details of all projects to which you have access. GDC projects form the basis for creating, enabling, and using all GDC services including managing APIs, adding and removing collaborators, and managing permissions for GDC resources.
This document is for audiences such as IT administrators, security engineers, and network administrators within the platform administrator group, who are responsible for managing resources within their organization. For more information, see Audiences for GDC air-gapped documentation.
Before you begin
To perform the tasks in this document, you must complete the following requirements:
To get the permissions that you need to view a project and its resources, ask your Organization IAM Admin to grant you the Project Viewer role (
project-viewer).To use the gdcloud CLI, ensure you have it installed. For more information, see Install the gdcloud CLI.
View project details
You can view your project's metadata to review current configurations, such as labels and network settings.
Console
Open the navigation menu and select Projects.
Click the project you want to view details for.
gdcloud
To list the metadata for a specific project, run:
gdcloud projects describe PROJECT_IDReplace
PROJECT_IDwith the unique identifier for your project.
Check project resources
You can check project resources to monitor the segmentation of resources within an organization. You can also check user and group access policies, which you define per project to provide boundaries between projects.
Check a cluster
You can check that a project is attached to a Kubernetes cluster, which is required for the container workloads that reside in your project.
Print information about a project's cluster:
kubectl describe CLUSTER_NAME -n CLUSTER_NAMESPACE
For more information on attaching projects to a cluster, see Move clusters in project hierarchy.
List role bindings in a project
You can list the role bindings associated with your project namespace to monitor the roles to which users within the project are assigned.
List the role bindings in a project:
kubectl get rolebindings -n PROJECT_NAMESPACE
For more information on project role bindings, see the Assign a role binding to the service identity documentation.
View projects in an organization
You can only view and list projects you have access to with IAM roles. The Organization IAM Admin role can view and list all projects in the organization.
Console
- To view all projects in an organization, go to the console's navigation menu and select Projects.
gdcloud
To view all projects you have access to in an organization, run:
gdcloud projects listYou cannot list projects you don't have permission to access.
Select a project or organization
In the GDC console, you can select a project or organization using the project picker to interact with the service resources that belong to that parent resource. For more information about how resources are organized, see the GDC resource hierarchy. For example, a Kubernetes cluster is organization-scoped, whereas a virtual machine (VM) is project-scoped.
The project picker automatically transitions between the most recent parent resource types when the context of the child resource changes. For example, when you access a project-scoped resource when you have an organization selected in the project picker, the picker automatically selects the last used project to seamlessly change the resource scope. Likewise, the organization is autoselected when accessing organization-scoped resources.
To interact with GDC resources that belong to a parent resource, you must first select the organization or project to work in:
From the dashboard, click the project picker drop-down.
In the Projects window that appears, select your project or organization.
Click Open.