This document provides the ways you can manage resources across multiple zones in a Google Distributed Cloud (GDC) air-gapped universe. Each surface, whether it be the GDC console, gdcloud CLI, APIs, or Terraform, provide mechanisms to appropriately manage your resources in a designated zone for zonal resources, or globally for resources supported for global provisioning. In a multi-zone universe, you must manage your zonal and global resources for high availability.
This document is for IT administrators within the platform administrator group who are responsible for developing disaster recovery workflows, and application developers within the application operator group who are responsible for developing and maintaining applications in a GDC universe.
For more information, see Audiences for GDC air-gapped documentation.
Switch to the global context
Manage your resources globally by switching to the global context.
GDC console
The global context is set by navigating to the global URL, which follows this syntax:
  https://console.ORG_NAME.SUFFIX
Navigate to the global URL to have a global view of your resources across zones.
gdcloud
The global URL is set with the organization_console_url parameter when
initializing the
gdcloud CLI default configuration.
The global context is assumed unless you have explicitly
set a zonal context.
To revert back to the global URL, complete the following steps:
- Set your default organization console URL to the global URL: - gdcloud config set core/organization_console_url GLOBAL_URL
- Sign in to the global context: - gdcloud auth login --login-config-cert=CA_CERT- Replace - CA_CERTwith the certificate authority (CA) certificate installed in the system's trusted certificates store. For more information, see Web TLS certificate configuration.
API
You must explicitly define the kubeconfig file for the global management API server in your kubectl commands when managing or provisioning global KRM API custom resources. For example:
  kubectl apply -f resource.yaml --kubeconfig GLOBAL_API_SERVER
You can set the global context for your API calls automatically by setting your kubectl context to the global API server. See Sign in for details.
Terraform
You must explicitly define the global management API server in your Terraform module and initialize it:
- Define the kubeconfig file for the global management API server in a Terraform file within your module, such as the - main.tffile:- provider "kubernetes" { config_path = "GLOBAL_API_SERVER" }- See Sign in for details on how to acquire the kubeconfig file of the global management API server. 
- Apply the new global context for your Terraform module: - terraform apply
All subsequent Terraform actions are called in the global context.
Switch to a zonal context
Manage the resources of a particular zone by switching to a zonal context.
GDC console
The zonal context is set by navigating to the zonal URL, which follows this syntax:
  https://console.ORG_NAME.ZONE.SUFFIX
Navigate to the zonal URL to view the resources that are hosted within the single zone.
Many resource pages also offer zone scope pickers, which let you switch between zonal contexts from within the GDC console page.

Select your zonal context from the provided mechanisms to view and manage your zonal resources.
gdcloud
Because the global context is configured by default when using the gdcloud CLI, you must explicitly set your zonal context to manipulate zonal resources. You can perform this action in one of the following three ways, depending on your preferred workflow:
- Set the default zone configuration: Recommended if you primarily work in zonal contexts.
- Set the zonal URL configuration: Recommended if you plan to frequently switch between global and zonal contexts.
- Apply the --zoneflag: Recommended if you want flexibility to directly apply a zonal context without any gdcloud CLI configuration updates.
Complete the following steps to apply one of these approaches:
Set the default zone configuration
- Set the zone configuration for your gdcloud CLI instance: - gdcloud config set core/zone ZONE_NAME- Replace - ZONE_NAMEwith the name of the zone to set for your context. See List zones in a universe for instructions on finding a zone name.
Set the zonal URL configuration
- Set your default organization console URL to the zonal URL: - gdcloud config set core/organization_console_url ZONAL_URL
- Sign in to the zone: - gdcloud auth login --login-config-cert=CA_CERT- Replace - CA_CERTwith the certificate authority (CA) certificate installed in the system's trusted certificates store. For more information, see Web TLS certificate configuration.
- Run your gdcloud CLI command with the - --zoneflag included. For example:- gdcloud auth print-identity-token --zone=ZONE_NAME- You can set the - --zoneflag for any command that supports it. View the gdcloud CLI reference documentation for your specific command to confirm the- --zoneflag is available.- You can use the - --zoneflag from any global or zonal context.
API
You must explicitly define the kubeconfig file for the zonal management API server in your kubectl commands when managing or provisioning zonal KRM API custom resources. For example:
  kubectl apply -f resource.yaml --kubeconfig ZONAL_API_SERVER
You can set the zonal context for your API calls automatically by setting your kubectl context to the zone's management API server. See Sign in for details.
Terraform
You must explicitly define the zonal management API server in your Terraform module and initialize it:
- Define the kubeconfig file for the zonal management API server in a Terraform file within your module, such as the - main.tffile:- provider "kubernetes" { config_path = "ZONAL_API_SERVER" }- See Sign in for details on how to acquire the kubeconfig file of the zonal management API server. 
- Apply the new global context for your Terraform module: - terraform apply
All subsequent Terraform actions are called in the context of the zone you configured.
List zones in a universe
To list all zones in your universe, run:
  gdcloud zones list
The output looks similar to the following:
  METADATA.NAME
  us-east1-a
  us-east1-b
  us-east1-c
What's next
- Learn about the global and zonal API servers available in a GDC universe.
- Explore the High availability guide to ensure your application is resilient to local zone failures.
- Visit the gdcloud CLI reference pages for a comprehensive list of gdcloud CLI commands that are available.
- To configure Terraform, see the Terraform overview.