Create a project

This document explains how to create a Google Distributed Cloud (GDC) air-gapped project for grouping your resources within an organization. Projects provide a lifecycle and policy boundary for resources, allowing for multiple groups of users to manage GDC resources separately.

This document is for audiences such as IT administrators, security engineers, and network administrators within the platform administrator group who are responsible for managing resources within their organization. For more information, see Audiences for GDC air-gapped documentation.

Before you begin

To perform the tasks in this document, you must complete the following:

To get the permissions that you need to create a project, ask your Organization IAM Admin to grant you the Project Creator role (project-creator).
To use the gdcloud CLI, ensure you have it installed. For more information, see Install the gdcloud CLI.
To use Terraform, ensure you have it configured. For more information, see Configure Terraform.

Create a new project

You can create a project to provide logical grouping of service resources. For example, you can create separate projects to hold resources for development, test, and production environments.

To get the permissions that you need to create a project, ask your Organization IAM Admin to grant you the Project Creator role. For more information on granting permissions, see the Assign a role binding to the service identity section.

Console

To create a new project using the GDC console, complete the following steps:

In the navigation menu, click Projects.
Click Add project.
In the Project name field, enter a project name.
Specify the billing account ID to associate with the project. To track project resource costs, your project must be linked to a billing account. For more information, see Create and link billing accounts.
Click Continue.
Optional: Configure your project's networking capabilities. Clear the Enable data exfiltration protection checkbox to disable all egress traffic to other projects inside your organization.
Click Continue.
In the Review section, review the summary and click Create.
To verify the new project is available, a message is displayed in the console: Project PROJECT_NAME successfully created.

gdcloud

To create a new project using the gdcloud CLI, complete the following steps:

To create a project, run:
```
gdcloud projects create PROJECT_ID
```
Replace PROJECT_ID with the unique identifier for your new project.

Important: The gdcloud CLI doesn't support attaching a project to a Kubernetes cluster. After creating a project, you can attach it to a cluster using the GDC console. For more information, see Attach project to a cluster.
Verify the new project is available:
```
gdcloud projects list
```
The output is similar to the following:
```
METADATA.NAME
my-project
```
Link your new project with a billing account. To track project resource costs, you must have an associated billing account linked to your project.

API

To create a new project using the API directly, complete the following steps:

Set an environment variable for the global management API server kubeconfig file:
```
export KUBECONFIG=GLOBAL_API_SERVER_KUBECONFIG
```
If you don't have the global management API server kubeconfig file, generate one.
Create and apply the Project custom resource:
```
kubectl --kubeconfig=${KUBECONFIG} apply -f - <<EOF
apiVersion: resourcemanager.global.gdc.goog/v1
kind: Project
metadata:
  namespace: platform
  name: PROJECT_ID
EOF
```
Replace PROJECT_ID with the unique identifier for your new project.

Important: The Project Kubernetes manifest doesn't support attaching a Kubernetes cluster. After your project is provisioned, you can attach it to a cluster using the GDC console. For more information, see Attach project to a cluster.

Verify the new project is available:

kubectl --kubeconfig=${KUBECONFIG} get projects -n platform

The output is similar to the following:

NAME           READY
my-project

Link your new project with a billing account. To track project resource costs, you must have an associated billing account linked to your project.

Terraform

To create a new project using Terraform, complete the following steps:

Ensure you have Terraform configured and the appropriate permissions set. For more information, see the Configure Terraform page.
In a Terraform configuration file, insert the following code snippet:
```
provider "kubernetes" {
  config_path = "GLOBAL_API_SERVER_KUBECONFIG"
}
```
Replace GLOBAL_API_SERVER_KUBECONFIG with the path to the global management API server's kubeconfig file. If you don't have this kubeconfig file, generate one.
In a Terraform configuration file, such as main.tf, insert the following code snippet:
```
resource "kubernetes_manifest" "project-create" {
  manifest = {
    "apiVersion" = "resourcemanager.global.gdc.goog/v1"
    "kind" = "Project"
    "metadata" = {
      "name" = "PROJECT_ID"
      "namespace" = "platform"
    }
  }
}
```
Replace PROJECT_ID with the unique identifier for your new project.

Important: The Project Kubernetes manifest doesn't support attaching a Kubernetes cluster. After your project is provisioned, you can attach it to a cluster using the GDC console. For more information, see Attach project to a cluster.
Apply the new project using Terraform:
```
terraform apply
```
Link your new project with a billing account. To track project resource costs, you must have an associated billing account linked to your project.