Google Kubernetes Engine (GKE) has the capability only allow shielded nodes which can be used to protect workloads from attack. This is enabled by default but can be overridden. For more information on shielded nodes, see the GCP documentation.
References:
https://cloud.google.com/kubernetes-engine/docs/how-to/shielded-gke-nodes
In GCP Console -
In Terraform -