Can I remove the external IP from my GKE cluster?

It is now possible to create a private Kubernetes cluster on GKE.

The master is inaccessible from the public internet by default and your nodes do not have any public IP addresses.

You still need to access the master, otherwise your cluster will be useless :) For that reason you need to add master authorized networks, where you assign one or more public ip addresses that are allowed to connect to the master instance.


Google Kubernetes Engine has a beta feature called Master Authorized Networks that allows you to restrict traffic to the IP of your hosted Kubernetes control plane by CIDR blocks. Note that GCE public IPs will still be able to access your cluster endpoint, so it isn't as good as fully private clusters but it is much better than having the IP available to the entire internet.