本页面简要介绍了 GKE On-Prem API,并提供 Google Distributed Cloud for Bare Metal(纯软件)和 Google Distributed Cloud for VMware(纯软件)文档的链接,以便您了解详情。
GKE On-Prem API 是由 Google Cloud托管的 API,可让您使用标准应用管理本地集群的生命周期。GKE On-Prem API 在 Google Cloud的基础设施中运行。Google Cloud 控制台、Google Cloud CLI 和 Terraform 都是该 API 的客户端,它们使用该 API 创建、更新、升级和删除数据中心内的集群。
使用 VPC Service Controls 保护 API
为进一步保护 GKE On-Prem API,您可以使用 VPC Service Controls 来保护它。
VPC Service Controls 可为 GKE On-Prem API 提供额外的安全防护。使用 VPC Service Controls,您可以将项目添加到服务边界,从而防止资源和服务受到源自边界外部的请求的影响。
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-07-31。"],[],[],null,["# About the GKE On-Prem API\n\nThis page provides a brief overview of the GKE On-Prem API and provides links\nto the Google Distributed Cloud (software only) for bare metal and VMware\ndocumentation where you can learn more.\n\nThe GKE On-Prem API is a Google Cloud-hosted API that lets you manage the\nlifecycle of your on-premises clusters using standard applications. The\nGKE On-Prem API runs in Google Cloud's infrastructure. The\nGoogle Cloud console, the Google Cloud CLI, and Terraform are clients of the API, and\nthey use the API to create, update, upgrade, and delete clusters in your data\ncenter.\n\nProtect the API with VPC Service Controls\n-----------------------------------------\n\nTo further secure the GKE On-Prem API, you can protect it using VPC Service Controls.\n\nVPC Service Controls provides additional security for the GKE On-Prem API.\nUsing VPC Service Controls, you can add projects to service perimeters that\nprotect resources and services from requests that originate outside the\nperimeter.\n\nTo learn more about service perimeters, see\n[Service perimeter details and configuration](/vpc-service-controls/docs/service-perimeters).\n\nFor the greatest protection by VPC Service Controls, ensure that your admin\ncluster isn't publicly accessible. For more information, see the following\nGoogle Distributed Cloud documentation:\n\n- Bare metal: [Hardening your cluster's security](/kubernetes-engine/distributed-cloud/bare-metal/docs/how-to/hardening-your-cluster)\n\n- VMware: [Hardening your cluster's security](/kubernetes-engine/distributed-cloud/vmware/docs/how-to/hardening-your-cluster)\n\nWhat's next\n-----------\n\n- Bare metal:\n\n - [Choose a tool to manage cluster lifecycle](/kubernetes-engine/distributed-cloud/bare-metal/docs/installing/cluster-lifecycle-management-tools)\n - [Create a user cluster using GKE On-Prem API clients](/kubernetes-engine/distributed-cloud/bare-metal/docs/installing/creating-clusters/create-user-cluster-api)\n - [Create an admin cluster using GKE On-Prem API clients](/kubernetes-engine/distributed-cloud/bare-metal/docs/installing/creating-clusters/create-admin-cluster-api)\n - [Configure a cluster to be managed by the GKE On-Prem API](/kubernetes-engine/distributed-cloud/bare-metal/docs/how-to/enroll-cluster)\n- VMware:\n\n - [Choose a tool to manage cluster lifecycle](/kubernetes-engine/distributed-cloud/vmware/docs/how-to/cluster-lifecycle-management-tools)\n - [Create a user cluster](/kubernetes-engine/distributed-cloud/vmware/docs/how-to/create-user-cluster)\n - [Configure a cluster to be managed by the GKE On-Prem API](/kubernetes-engine/distributed-cloud/vmware/docs/how-to/enroll-cluster)"]]
