Stay organized with collections
Save and categorize content based on your preferences.
This page describes how to create a project.
To learn more about projects, see
Project overview
in the Google Distributed Cloud air-gapped documentation.
Sign in as Platform Admin
To create a project, you will need an account with the necessary permissions.
Make sure you have followed the steps in
Set up the Platform Admin account
to assign the necessary roles to the administrator account, and
connect to the instance using that account.
Create a project
To create a project in your GDC Sandbox instance, perform the following
steps. These steps include some specific values that you must use when
creating a project in your GDC Sandbox instance.
In the navigation menu, click Projects.
Click Add project.
In the Project name field, enter a project name. Take note of
the project name you specify: it will be used in commands. For example,
this name is used as the namespace parameter for kubectl commands.
Optional: Configure your project's networking capabilities. Clear the Enable data exfiltration protection checkbox to enable all egress
traffic to other projects inside your organization.
Click Create.
To verify the new project is available, a message is displayed in the
console: Project PROJECT_NAME
successfully created.
For more details about project creation, refer to the Google Distributed Cloud air-gapped
documentation, Create a project.
Add the Platform Admin to the project
Wait 30 seconds and refresh the page to see your project in the Projects
page.
Click the project name in the project list.
In the Project Access section, click Go to Identity Access Management.
Click Add member.
In the Identity provider list, select fake-oidc-provider.
In the Member type list, click User.
In the Username or group alias field, enter platform-admin@example.com.
In the Role list, select Project IAM Admin.
Click Add. The Platform Admin is added to the project and appears in the
list of users, as fop-platform-admin@example.com .
To add another project role, find the fop-platform-admin@example.com user
in the list and click more_vert>Edit Roles. For example, if you want to add permissions for generative
AI development, you might add the following roles:
Dashboard Editor
Harbor Instance Admin
KMS Admin
MonitoringRule Editor
Project Grafana Viewer
Global PNP
Click Save.
If you see a permissions error message during your GDC Sandbox
experience in the Console, API, or CLI, copy the error message to determine the
required role. Review both Identity & Access and Project Access to
locate and apply desired role permissions for your use case.
Add more users
Optional: Create more users that have more granular access using the
GDC console.
Click Add member.
In the Identity provider list, select fake-oidc-provider.
In the Member type list, click User.
In the Username or group alias field, enter your username.
In the Role list, select the role that you want to assign to the user,
such as Project Creator.
Click Add.
Click logoutLogout in the menu bar
to return to the Fake OIDC Provider page.
Select Custom User.
Enter a custom username.
Click Submit.
Attach clusters (optional)
Optionally, you can attach a Kubernetes cluster to your project. Your instance
comes with two clusters for container-based workloads, user-vm-1 and
user-vm-2, as described in Working with clusters.
You completed your first sign in, configured user roles, and created a project.
You can review Manage identity and access to learn more
about role definitions, or proceed to the following sections to begin
working with resources such as containers and virtual machines.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Create your first project\n\nThis page describes how to create a project.\nTo learn more about projects, see\n[Project overview](/distributed-cloud/hosted/docs/latest/gdch/platform/pa-user/project-management)\nin the Google Distributed Cloud air-gapped documentation.\n\nSign in as Platform Admin\n-------------------------\n\nTo create a project, you will need an account with the necessary permissions.\nMake sure you have followed the steps in\n[Set up the Platform Admin account](/distributed-cloud/sandbox/latest/platform-admin)\nto assign the necessary roles to the administrator account, and\n[connect](/distributed-cloud/sandbox/latest/connect) to the instance using that account.\n\nCreate a project\n----------------\n\nTo create a project in your GDC Sandbox instance, perform the following\nsteps. These steps include some specific values that you must use when\ncreating a project in your GDC Sandbox instance.\n\n1. In the navigation menu, click **Projects**.\n2. Click **Add project**.\n3. In the **Project name** field, enter a project name. Take note of the project name you specify: it will be used in commands. For example, this name is used as the `namespace` parameter for `kubectl` commands.\n4. Optional: Configure your project's networking capabilities. Clear the **Enable data exfiltration protection** checkbox to enable all egress traffic to other projects inside your organization.\n5. Click **Create**.\n6. To verify the new project is available, a message is displayed in the console: `Project `\u003cvar class=\"readonly\" translate=\"no\"\u003ePROJECT_NAME\u003c/var\u003e`\n successfully created`.\n\nFor more details about project creation, refer to the Google Distributed Cloud air-gapped\ndocumentation, [Create a project](/distributed-cloud/hosted/docs/latest/gdch/platform/pa-user/create-a-project).\n\nAdd the Platform Admin to the project\n-------------------------------------\n\n1. Wait 30 seconds and refresh the page to see your project in the Projects page.\n2. Click the project name in the project list.\n3. In the Project Access section, click **Go to Identity Access Management**.\n4. Click **Add member**.\n5. In the **Identity provider** list, select **fake-oidc-provider**.\n6. In the **Member type** list, click **User**.\n7. In the **Username or group alias** field, enter `platform-admin@example.com`.\n8. In the **Role** list, select **Project IAM Admin**.\n9. Click **Add** . The Platform Admin is added to the project and appears in the list of users, as `fop-platform-admin@example.com` .\n10. To add another project role, find the `fop-platform-admin@example.com` user in the list and click more_vert \\\u003e **Edit Roles** . For example, if you want to add permissions for generative AI development, you might add the following roles:\n - Dashboard Editor\n - Harbor Instance Admin\n - KMS Admin\n - MonitoringRule Editor\n - Project Grafana Viewer\n - Global PNP\n11. Click **Save**.\n\nIf you see a permissions error message during your GDC Sandbox\nexperience in the Console, API, or CLI, copy the error message to determine the\nrequired role. Review both **Identity \\& Access** and **Project Access** to\nlocate and apply desired role permissions for your use case.\n\nAdd more users\n--------------\n\nOptional: Create more users that have more granular access using the\nGDC console.\n\n1. Click **Add member**.\n2. In the **Identity provider** list, select **fake-oidc-provider**.\n3. In the **Member type** list, click **User**.\n4. In the **Username or group alias** field, enter your username.\n5. In the **Role** list, select the role that you want to assign to the user, such as **Project Creator**.\n6. Click **Add**.\n7. Click logout **Logout** in the menu bar to return to the Fake OIDC Provider page.\n8. Select **Custom User**.\n9. Enter a custom username.\n10. Click **Submit**.\n\n | **Note:** The custom username is automatically created with a 'fop-' prefix, but it should not be included when logging in.\n\n### Attach clusters (optional)\n\nOptionally, you can attach a Kubernetes cluster to your project. Your instance\ncomes with two clusters for container-based workloads, `user-vm-1` and\n`user-vm-2`, as described in [Working with clusters](/distributed-cloud/sandbox/latest/clusters).\n\nTo attach a cluster to your project, see\n[Attach projects to a cluster](/distributed-cloud/hosted/docs/latest/gdch/platform-application/pa-ao-operations/cluster#attach-project-to-cluster)\nin the Distributed Cloud documentation.\n\nWhat's next\n-----------\n\nYou completed your first sign in, configured user roles, and created a project.\nYou can review [Manage identity and access](/distributed-cloud/sandbox/latest/iam) to learn more\nabout role definitions, or proceed to the following sections to begin\nworking with resources such as containers and virtual machines."]]