About the GKE On-Prem API

This page gives a brief overview of the GKE On-Prem API and links to the Google Distributed Cloud (software only) for bare metal and VMware documentation, where you can learn more.

The GKE On-Prem API is a Google Cloud-hosted API that lets you manage the lifecycle of your on-premises clusters using standard applications. The GKE On-Prem API runs in Google Cloud's infrastructure. The Google Cloud console, the Google Cloud CLI, and Terraform are clients of the API, and they use the API to create, update, upgrade, and delete clusters in your data center.

Protect the API with VPC Service Controls

To further secure the GKE On-Prem API, you can protect it with VPC Service Controls. With VPC Service Controls, you add projects to service perimeters that protect resources and services from requests that originate outside the perimeter.

To learn more about service perimeters, see Service perimeter details and configuration.
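
The following added example (not part of the original page or of Google's documentation) checks whether a perimeter actually covers a project's GKE On-Prem API traffic, including the case where the service is listed only in a dry-run spec and so is logged but not blocked. It assumes the perimeter is supplied as JSON shaped like the Access Context Manager ServicePerimeter resource (for example, from `gcloud access-context-manager perimeters describe --format=json`); the function name, policy ID, perimeter name, and project number are constructed placeholders.

```python
# Added example: audit a VPC Service Controls perimeter for GKE On-Prem API coverage.
GKE_ONPREM_SERVICE = "gkeonprem.googleapis.com"


def check_perimeter(perimeter, project_number):
    """Return a list of findings; an empty list means the project is inside
    the enforced perimeter and the GKE On-Prem API is a restricted service."""
    findings = []
    resource = "projects/" + project_number
    status = perimeter.get("status") or {}  # enforced configuration
    spec = perimeter.get("spec") or {}      # dry-run configuration

    if resource not in status.get("resources", []):
        findings.append(resource + " is not in the enforced perimeter")

    if GKE_ONPREM_SERVICE not in status.get("restrictedServices", []):
        msg = GKE_ONPREM_SERVICE + " is not a restricted service"
        # A dry-run spec only logs would-be violations; nothing is blocked.
        dry_run = perimeter.get("useExplicitDryRunSpec", False)
        if dry_run and GKE_ONPREM_SERVICE in spec.get("restrictedServices", []):
            msg += " (listed in the dry-run spec only)"
        findings.append(msg)
    return findings


# Constructed sample perimeters (placeholder policy ID and project number).
ENFORCED = {
    "name": "accessPolicies/000000000000/servicePerimeters/onprem_example",
    "status": {
        "resources": ["projects/123456789012"],
        "restrictedServices": ["gkeonprem.googleapis.com"],
    },
}
DRY_RUN_ONLY = {
    "name": "accessPolicies/000000000000/servicePerimeters/onprem_example",
    "status": {"resources": ["projects/123456789012"], "restrictedServices": []},
    "spec": {
        "resources": ["projects/123456789012"],
        "restrictedServices": ["gkeonprem.googleapis.com"],
    },
    "useExplicitDryRunSpec": True,
}

if __name__ == "__main__":
    for label, p in (("enforced", ENFORCED), ("dry-run only", DRY_RUN_ONLY)):
        print(label, "->", check_perimeter(p, "123456789012") or "covered")
```

Perimeter resources are identified by project number, not project ID, so pass the number when checking membership.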

For the greatest protection by VPC Service Controls, ensure that your admin cluster isn't publicly accessible. For more information, see the following Google Distributed Cloud documentation:
