About the GKE On-Prem API

This page gives a brief overview of the GKE On-Prem API and links to the GKE on VMware and GKE on Bare Metal documentation, where you can learn more.

The GKE On-Prem API is a Google Cloud-hosted API that lets you manage the lifecycle of your on-premises user clusters using standard Google Cloud applications. The GKE On-Prem API runs in Google Cloud's infrastructure. The Google Cloud console and the gcloud CLI are clients of the API, and they use the API to create, update, upgrade, and delete clusters in your data center.

Protect the API with VPC Service Controls

To further secure the GKE On-Prem API, you can protect it with VPC Service Controls. Using VPC Service Controls, you can add projects to service perimeters that protect resources and services from requests that originate outside the perimeter.

To learn more about service perimeters, see Service perimeter details and configuration.
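The following is an added example, not part of the original page or of Google's documentation. It audits whether a project sits inside a perimeter that actually enforces restrictions on the GKE On-Prem API, as opposed to one that lists the service only in a dry-run spec. It assumes perimeter data in the JSON shape of the Access Context Manager ServicePerimeter resource (for example from `gcloud access-context-manager perimeters list --format=json`); the policy ID, perimeter names and project numbers are constructed.

```python
import json

SERVICE = "gkeonprem.googleapis.com"  # GKE On-Prem API service name

# Constructed sample: two perimeters in the shape returned by
# `gcloud access-context-manager perimeters list --format=json`.
# Policy ID, perimeter names and project numbers are made up.
SAMPLE = json.loads("""
[
  {"name": "accessPolicies/000000000000/servicePerimeters/fleet_enforced",
   "status": {"resources": ["projects/111111111111"],
              "restrictedServices": ["storage.googleapis.com",
                                     "gkeonprem.googleapis.com"]}},
  {"name": "accessPolicies/000000000000/servicePerimeters/fleet_dry_run",
   "useExplicitDryRunSpec": true,
   "status": {"resources": ["projects/222222222222"],
              "restrictedServices": ["storage.googleapis.com"]},
   "spec": {"resources": ["projects/222222222222"],
            "restrictedServices": ["storage.googleapis.com",
                                   "gkeonprem.googleapis.com"]}}
]
""")


def _covers(config, project, service):
    """True if this perimeter config lists both the project and the service."""
    config = config or {}
    return (project in config.get("resources", [])
            and service in config.get("restrictedServices", []))


def protection_state(perimeters, project_number, service=SERVICE):
    """Return 'enforced', 'dry-run-only' or 'unprotected' for one project."""
    project = f"projects/{project_number}"
    dry_run = False
    for p in perimeters:
        # Bridge perimeters link regular perimeters; they restrict no services.
        if p.get("perimeterType") == "PERIMETER_TYPE_BRIDGE":
            continue
        if _covers(p.get("status"), project, service):
            return "enforced"
        # 'spec' is evaluated in dry-run mode only: violations are logged, not blocked.
        if p.get("useExplicitDryRunSpec") and _covers(p.get("spec"), project, service):
            dry_run = True
    return "dry-run-only" if dry_run else "unprotected"


if __name__ == "__main__":
    for number in ("111111111111", "222222222222", "333333333333"):
        print(number, protection_state(SAMPLE, number))
```

A result of `dry-run-only` means requests from outside the perimeter still reach the API for that project; only violation logs are produced.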

For the greatest protection by VPC Service Controls, ensure that your admin cluster isn't publicly accessible. For more information, see the following:

What's next

The GKE On-Prem API manages both Anthos on VMware and Anthos on bare metal user clusters. See the following for more information.