Securing Container Registry in a service perimeter

VPC Service Controls improves your ability to mitigate the risk of unauthorized copying or transfer of data from Google-managed services.

With VPC Service Controls, you can configure security perimeters around the resources of your Google-managed services and control the movement of data across the perimeter boundary.

If you are using Container Registry with a Google Kubernetes Engine private cluster within a service perimeter, follow the instructions to set up secure communication with Container Registry using a restricted virtual IP.

For general instructions to add Container Registry to a service perimeter, see Setting up Container Registry for GKE private clusters.