About the GKE On-Prem API
This page provides a brief overview of the GKE On-Prem API and provides links
to the Google Distributed Cloud (software only) for bare metal and VMware
documentation where you can learn more.
The GKE On-Prem API is a Google Cloud-hosted API that lets you manage the
lifecycle of your on-premises clusters using standard applications. The
GKE On-Prem API runs in Google Cloud's infrastructure. The
Google Cloud console, the Google Cloud CLI, and Terraform are clients of the API, and
they use the API to create, update, upgrade, and delete clusters in your data
center.
Protect the API with VPC Service Controls
To further secure the GKE On-Prem API, you can protect it with VPC Service Controls.
Using VPC Service Controls, you can add projects to service perimeters that
protect resources and services from requests that originate outside the
perimeter.
For the greatest protection by VPC Service Controls, ensure that your admin
cluster isn't publicly accessible. For more information, see the following
Google Distributed Cloud documentation:
- Bare metal: [Hardening your cluster's security](/kubernetes-engine/distributed-cloud/bare-metal/docs/how-to/hardening-your-cluster)
- VMware: [Hardening your cluster's security](/kubernetes-engine/distributed-cloud/vmware/docs/how-to/hardening-your-cluster)

To learn more about service perimeters, see [Service perimeter details and configuration](/vpc-service-controls/docs/service-perimeters).

What's next
- Bare metal:
  - [Choose a tool to manage cluster lifecycle](/kubernetes-engine/distributed-cloud/bare-metal/docs/installing/cluster-lifecycle-management-tools)
  - [Create a user cluster using GKE On-Prem API clients](/kubernetes-engine/distributed-cloud/bare-metal/docs/installing/creating-clusters/create-user-cluster-api)
  - [Create an admin cluster using GKE On-Prem API clients](/kubernetes-engine/distributed-cloud/bare-metal/docs/installing/creating-clusters/create-admin-cluster-api)
  - [Configure a cluster to be managed by the GKE On-Prem API](/kubernetes-engine/distributed-cloud/bare-metal/docs/how-to/enroll-cluster)
- VMware:
  - [Choose a tool to manage cluster lifecycle](/kubernetes-engine/distributed-cloud/vmware/docs/how-to/cluster-lifecycle-management-tools)
  - [Create a user cluster](/kubernetes-engine/distributed-cloud/vmware/docs/how-to/create-user-cluster)
  - [Configure a cluster to be managed by the GKE On-Prem API](/kubernetes-engine/distributed-cloud/vmware/docs/how-to/enroll-cluster)

Last updated 2025-08-28 UTC.