Known issues

Environment scope and capabilities of Google Distributed Cloud (GDC) Sandbox:

• Persistence: GDC Sandbox is non-persistent and is refreshed incrementally on a monthly basis. When environments are refreshed, they're returned to a default state, meaning you'll need to redeploy your configurations. It's recommended to save your configs, code, and containers in a code repository which also enables your low-high development into production environments.
• Resources: This release limits the amount of the following resources:
  • One organization.
  • One tenant.
  • Two Kubernetes clusters.
• Users: To ensure adequate usage of shared resources, users are limited to a maximum of 25.
• Sensitive Data: Users must consent to EULA prior to accessing GDC Sandbox. We recommend you not use GDC Sandbox for sensitive data or production workloads as it's intended for test, development, and training purposes.
• IO experience: GDC Sandbox only supports the Application Operator (AO) or end-user Persona experience of GDC Sandbox.

Known issues:

1. Project Network Policy state is always reflected as Not Read on the UI irrespective of its status. Use the API or CLI to check for the true status.

2. If the steps mentioned in Access the environment to install certificates haven't been followed yet, the following error will be seen while uploading a file to a bucket (object storage): Check network speed to ensure your file size is within limits and certificates are properly set. You can either install the certificates or follow this workaround:

   1. On the browser in your GDC Sandbox, open the web page https://objectstorage.org-1.zone1.google.gdch.test and accept the certificate.
   2. Try the file upload again.
   3. If you still encounter issues like ErrPresignSignatureNotRecognized, try disabling TLS verification using gdcloud config set storage/s3_insecure_skip_tls_verify true.

3. Login timeout: The authentication might time out on both UI and CLI if the environment is not accessed for a few minutes.

   1. For UI timeout: Clear browser cache and refresh the browser.
   2. For gdcloud timeout: Sign in again. See Connect to your instance.

4. The only supported storage class for creating PersistentVolumeClaim objects is standard-rwo: ReadWriteOnce. The standard-rwx: ReadWriteMany storage class is not supported.

5. After you set auth/login_config_cert_path using gdcloud config set, the value is unset after running a gdcloud auth login. The workaround for this issue is to always add --login-config-cert=/tmp/org-1-web-tls-ca.cert while running gdcloud auth login.

6. Unable to launch Chrome after login into RDP. Try the following workaround:

   1. Remove ~/.local/share/keyrings
   2. Launch Chrome with the command:

   /opt/google/chrome/google-chrome --password-store=basic
   

7. If the Organization IAM Admin role is removed from the fop-platform-admin@example.com user, the role cannot be re-assigned and the user will lose access to most features. Contact GDC Sandbox support in this case.

8. The web browser fails to open on the gateway instance. Likely cause: the gateway has run out of disk space. In most cases, the space is overloaded with dangling containers, volumes and images. Try the following fix to clean up some space:

   docker images prune -a
   docker volumes prune
   docker containers prune
   

9. Attempts to connect to the Virtual Machine (VM) using gcloud compute ssh will fail. Instead, use sshuttle as described in Connect to a VM.