Manage resources across zones

In a multi-zone universe, you must manage your zonal and global resources for high availability. Each surface (the GDC console, gdcloud CLI, APIs, and Terraform) provides mechanisms to manage zonal resources in a designated zone, and to manage globally the resources that support global provisioning.

This document highlights the ways you can manage resources across multiple zones.

Switch to the global context

Manage your resources globally by switching to the global context.

GDC console

The global context is set by navigating to the global URL, which follows this syntax:

  https://console.ORG_NAME.SUFFIX

Navigate to the global URL to have a global view of your resources across zones.

gdcloud

The global URL is set with the organization_console_url parameter when initializing the gdcloud CLI default configuration. The global context is assumed unless you have explicitly set a zonal context.

To switch back to the global URL, complete the following steps:

  1. Set your default organization console URL to the global URL:

    gdcloud config set core/organization_console_url GLOBAL_URL
    
  2. Sign in to the global context:

    gdcloud auth login --login-config-cert=CA_CERT
    

    Replace CA_CERT with the certificate authority (CA) certificate installed in the system's trusted certificates store. For more information, see Web TLS certificate configuration.

API

You must explicitly define the kubeconfig file for the global management API server in your kubectl commands when managing or provisioning global KRM API custom resources. For example:

  kubectl apply -f resource.yaml --kubeconfig GLOBAL_API_SERVER

You can set the global context for your API calls automatically by setting your kubectl context to the global API server. See Sign in for details.

Terraform

You must explicitly define the global management API server in your Terraform module and initialize it:

  1. Define the kubeconfig file for the global management API server in a Terraform file within your module, such as the main.tf file:

    provider "kubernetes" {
      config_path = "GLOBAL_API_SERVER"
    }
    

    See Sign in for details on how to acquire the kubeconfig file of the global management API server.

  2. Apply the new global context for your Terraform module:

    terraform apply
    

All subsequent Terraform actions are called in the global context.

Switch to a zonal context

Manage the resources of a particular zone by switching to a zonal context.

GDC console

The zonal context is set by navigating to the zonal URL, which follows this syntax:

  https://console.ORG_NAME.ZONE.SUFFIX

Navigate to the zonal URL to view the resources that are hosted within the single zone.

Many resource pages also offer zone scope pickers, which let you switch between zonal contexts from within the GDC console page.

Select a zone to display the resources that are present in that specific zone.

Select your zonal context from the provided mechanisms to view and manage your zonal resources.

gdcloud

Because the global context is configured by default when using the gdcloud CLI, you must explicitly set your zonal context to manipulate zonal resources. You can do this in one of the following three ways, depending on your preferred workflow: set the default zone configuration, set the zonal URL configuration, or apply the --zone flag.

Complete the steps for the approach you choose:

Set the default zone configuration

  • Set the zone configuration for your gdcloud CLI instance:

    gdcloud config set core/zone ZONE_NAME
    

    Replace ZONE_NAME with the name of the zone to set for your context. See List zones in a universe for instructions on finding a zone name.

Set the zonal URL configuration

  1. Set your default organization console URL to the zonal URL:

    gdcloud config set core/organization_console_url ZONAL_URL
    
  2. Sign in to the zone:

    gdcloud auth login --login-config-cert=CA_CERT
    

    Replace CA_CERT with the certificate authority (CA) certificate installed in the system's trusted certificates store. For more information, see Web TLS certificate configuration.

Apply the --zone flag

  • Run your gdcloud CLI command with the --zone flag included. For example:

    gdcloud auth print-identity-token --zone=ZONE_NAME
    

    You can set the --zone flag for any command that supports it. View the gdcloud CLI reference documentation for your specific command to confirm the --zone flag is available.

    You can use the --zone flag from any global or zonal context.

API

You must explicitly define the kubeconfig file for the zonal management API server in your kubectl commands when managing or provisioning zonal KRM API custom resources. For example:

  kubectl apply -f resource.yaml --kubeconfig ZONAL_API_SERVER

You can set the zonal context for your API calls automatically by setting your kubectl context to the zone's management API server. See Sign in for details.

Terraform

You must explicitly define the zonal management API server in your Terraform module and initialize it:

  1. Define the kubeconfig file for the zonal management API server in a Terraform file within your module, such as the main.tf file:

    provider "kubernetes" {
      config_path = "ZONAL_API_SERVER"
    }
    

    See Sign in for details on how to acquire the kubeconfig file of the zonal management API server.

  2. Apply the new zonal context for your Terraform module:

    terraform apply
    

All subsequent Terraform actions are called in the context of the zone you configured.

List zones in a universe

To list all zones in your universe, run:

  gdcloud zones list

The output looks similar to the following:

  METADATA.NAME
  us-east1-a
  us-east2-a
  us-east3-a
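
The global and zonal console URLs differ only by the ZONE label, so a wrong value in core/organization_console_url silently selects a different context. The following pre-flight check is an added example, not part of the GDC tooling or documentation: it classifies a console URL as global or zonal using the zone names from `gdcloud zones list`. The function names, the organization name org-1, and the suffix example.internal are hypothetical, and the check assumes the first label of SUFFIX is never a zone name.

```shell
#!/bin/sh
# Added example: confirm which context a console URL selects.
# Constructed sample in the shape shown under "List zones in a universe".
SAMPLE_ZONES_OUTPUT='METADATA.NAME
us-east1-a
us-east2-a
us-east3-a'

# Print one zone name per line from `gdcloud zones list` output on stdin.
parse_zones() {
  awk 'NF && $1 != "METADATA.NAME" { print $1 }'
}

# console_scope URL ORG_NAME ZONES
# Prints "global" or "zone:<name>". Returns 1 when URL is not an HTTPS
# console URL for ORG_NAME (wrong scheme, host prefix, or organization).
console_scope() {
  url=$1; org=$2; zones=$3
  case $url in
    "https://console.$org."?*) ;;
    *) return 1 ;;
  esac
  rest=${url#"https://console.$org."}  # SUFFIX or ZONE.SUFFIX
  rest=${rest%%/*}                      # ignore any path component
  first=${rest%%.*}
  [ -n "$first" ] || return 1
  # Zonal only when the label after ORG_NAME is a known zone.
  if [ "$first" != "$rest" ] &&
     printf '%s\n' "$zones" | grep -Fxq -- "$first"; then
    printf 'zone:%s\n' "$first"
  else
    printf 'global\n'
  fi
}

# require_scope EXPECTED URL ORG_NAME ZONES
# Succeeds only when URL selects EXPECTED ("global" or "zone:<name>").
require_scope() {
  actual=$(console_scope "$2" "$3" "$4") || {
    echo "refusing: $2 is not a console URL for $3" >&2; return 2; }
  [ "$actual" = "$1" ] || {
    echo "refusing: expected $1 but URL selects $actual" >&2; return 1; }
}

# Live use: ZONES=$(gdcloud zones list | parse_zones)
ZONES=$(printf '%s\n' "$SAMPLE_ZONES_OUTPUT" | parse_zones)
require_scope zone:us-east2-a \
  "https://console.org-1.us-east2-a.example.internal" org-1 "$ZONES" &&
  echo "ok: zonal URL"
```

Run require_scope before `gdcloud config set core/organization_console_url` and `gdcloud auth login`, so a URL for the wrong zone or organization is rejected before you sign in.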