Google Distributed Cloud (GDC) air-gapped projects form the basis for creating, enabling, and using all GDC services including managing APIs, adding and removing collaborators, and managing permissions for GDC resources.
This page explains how to manage GDC projects using the
GDC console, gdcloud CLI, and kubectl CLI.
Before you begin
To get the permissions needed to edit an existing project or view a project's
resources, ask your Organization IAM Admin to grant you the Project Editor role
(project-editor).
To get the permissions needed to only view a project's resources without the
ability to edit the project, ask your Organization IAM Admin to grant you the
Project Viewer role (project-viewer).
To use the gdcloud CLI, ensure you have it installed. For more information, see the gdcloud CLI Overview page.
View project details
You can view your project's metadata to review current configurations such as labels and network settings.
Console
Open the navigation menu and select Projects.
Click the project you want to view details for.
gdcloud
To list the metadata for a specific project, run:
gdcloud projects describe PROJECT_ID
Replace PROJECT_ID with the unique identifier for
your project.
Check project resources
You can check project resources to monitor the segmentation of resources within an organization. You can also check user and group access policies, which you define per project to provide boundaries between projects.
Check a cluster
To print information about a project's cluster, run:
kubectl describe CLUSTER_NAME -n CLUSTER_NAMESPACE
For more information on attaching projects to a cluster, see Move clusters in project hierarchy.
List role bindings in a project
To list the role bindings in a project, run:
kubectl get rolebindings -n PROJECT_NAMESPACE
For more information on project role bindings, see the Assign a role binding to the service identity documentation.
Select a project or organization
In the GDC console, you can select a project or organization using the project picker to interact with the service resources nested under that parent resource. For more information on how resources are organized, see the GDC resource hierarchy. For example, a Kubernetes cluster is organization-scoped, whereas a virtual machine (VM) is project-scoped.
The project picker automatically transitions between the most recent parent resource types when the context of the child resource changes. For example, when you access a project-scoped resource when you have an organization selected in the project picker, the picker automatically selects the last used project to seamlessly change the resource scope. Likewise, the organization is autoselected when accessing organization-scoped resources.
To interact with GDC resources nested in a parent resource, you must first select the organization or project to work in:
From the dashboard, click the project picker drop-down.
In the Projects window that appears, select your project or organization.
Click Open.
Update a project
Some project configurations, including project name and data exfiltration protection, can be updated after project creation. As your project usage evolves, you can update these configurations using the gdcloud CLI.
For example, to edit the project's name, run:
gdcloud projects update PROJECT_ID --name=PROJECT_NAME
Replace the following variables:
PROJECT_ID: the unique identifier for your project.PROJECT_NAME: the new name for the project. You can replace the--nameparameter with any editable project field.
Run gdcloud projects update --help for more options.
View projects in an organization
As an Administrator, you can only view and list projects you have access to with IAM roles. The Organization IAM Admin role can view and list all projects in the organization.
Console
To view all projects in an organization, go to the console's navigation menu and select Projects.
gdcloud
To view all projects you have access to in an organization, run:
gdcloud projects list
You cannot list projects you do not have permission to access.