Google Distributed Cloud (GDC) air-gapped operates as a multi-zone universe. This means there are zonal resources and global resources that are deployed to different API servers, which are managed independently by the system. An API server provides a single endpoint for creating, managing, and deleting API resources with a strongly consistent storage backend.
Management API servers
There are two management API server types:
- Global API server
- Zonal API server(s)
There is always only one global API server for your universe. Likewise, there is a zonal API server for each zone that you operate. Even if you operate in a single zone environment, there is one global API server and a zonal API server for the single zone.
Zonal resources are deployed to a zonal API server and operate within a single zone independently. A zonal outage can affect some or all of the resources in that zone. Global resources are deployed in the global API server and operate with redundancy across multiple zones for fault tolerance.
You must have an understanding of this architecture to appropriately deploy your resources for high availability. While some resources can be deployed both globally or operate in a single zone independently, there are others that are global or zonal only. Refer to the appropriate documentation of a resource type for more information.
Each surface, whether it be the GDC console, gdcloud CLI, APIs, or Terraform, provide mechanisms to appropriately deploy your resource to a designated management API server.
GDC console
The GDC console provides a zone scope picker across many pages.
By using the zone scope picker, you can target specific zones for resource management tasks.
If a resource can span both a single zone or multiple zones, you have the option to create and manage that resource according to your zonal or global deployment choice.
The GDC console lets you dynamically choose the zone and provides a comprehensive view of all GDC resources and services that are available for that location.
The selected zone or global context is rendered by navigating to the global or zonal URL. The URLs correspond to the API servers hosted for the particular zonal or global context. For example, selecting the global context navigates you to the global URL:
https://console.ORG_NAME.SUFFIX
Likewise, selecting a particular zone in the console navigates to the zonal URL:
https://console.ORG_NAME.ZONE.SUFFIX
gdcloud CLI
The gdcloud CLI provides ways to interact with the zonal or global API to manage your resources and their deployment strategy, such as:
- Sign in to the zonal or global console URL using the CLI
- Use a zonal CLI flag for specific zone actions
The global URL is what is configured by default when initializing the gdcloud CLI. You can update your gdcloud configuration to set zonal URLs and sign in to them to complete zone-specific tasks.
Likewise, the gdcloud CLI offers a --zone flag that you can set for
many resource management tasks across command groups. When logged in to the
global URL configuration, your CLI actions on global resources are applied to
all zones for which they are in scope.
For more information on using the gdcloud CLI for zonal and global services, see Manage resources across zones.
API and Terraform
You can use KRM APIs, and by extension Terraform, to target the zonal or global API server and interact with the resources hosted there. GDC provides a way to set your API server context using kubectl, letting you configure the kubeconfig file for the appropriate API server. With the context set, you can apply and manipulate your custom resources hosted in the zone, or if deployed globally, across multiple zones.
For more information on switching API server context using kubectl, see Sign in.