Allowing unrestricted, public access to cloud services could open an application up to external attack. Disallowing this access is typically considered best practice.
A cluster's private cluster configuration cannot be altered once the cluster has been created. To create a new cluster with the private endpoint enabled, follow the steps below.
In GCP Console -
In Terraform -
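A `google_container_cluster` definition with private nodes and a private endpoint, as an added example rather than configuration taken from this page or from the provider documentation. The cluster name, location, network names and all CIDR ranges are constructed placeholders.

```hcl
# Added example. Every name, location and CIDR range below is a placeholder.
resource "google_container_cluster" "private" {
  name     = "example-private-cluster" # placeholder
  location = "us-central1"             # placeholder

  network    = "example-vpc"    # placeholder: an existing VPC
  subnetwork = "example-subnet" # placeholder: an existing subnet in that VPC

  initial_node_count = 1

  # Private clusters must be VPC-native, so alias IP allocation is enabled.
  ip_allocation_policy {}

  private_cluster_config {
    # Nodes receive internal IP addresses only.
    enable_private_nodes = true

    # Weak setting: false leaves the control plane's public endpoint reachable.
    # Corrected setting: true exposes the control plane on its internal IP only.
    enable_private_endpoint = true

    # Placeholder range for the control plane; it must not overlap
    # with any other range in the VPC.
    master_ipv4_cidr_block = "172.16.0.0/28"
  }

  # Limits control plane access to the listed internal ranges.
  master_authorized_networks_config {
    cidr_blocks {
      cidr_block   = "10.0.0.0/24"  # placeholder: admin or bastion subnet
      display_name = "admin-subnet" # placeholder
    }
  }
}
```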
References:
https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#enable_private_nodes
https://cloud.google.com/kubernetes-engine/docs/concepts/types-of-clusters#isolation-choices