redpanda-data · ppanagiotis · Jun 23, 2026 · Jun 23, 2026 · Jun 23, 2026 · Jun 23, 2026
@@ -488,6 +488,8 @@
 **** xref:networking:configure-private-service-connect-in-cloud-ui.adoc[Configure Private Service Connect in the Cloud Console]
 **** xref:networking:gcp-private-service-connect.adoc[Configure Private Service Connect with the Cloud API]
 **** xref:networking:byoc/gcp/enable-global-access.adoc[Enable Global Access]
+**** xref:networking:byoc/gcp/nat-free-egress.adoc[Configure Centralized Egress]
+**** xref:networking:byoc/gcp/gcp-hub-egress.adoc[Create a GCP Hub for Centralized Egress]
 ** xref:networking:dedicated/index.adoc[Dedicated]
 *** xref:networking:dedicated/aws/index.adoc[AWS]
 **** xref:networking:dedicated/aws/vpc-peering.adoc[Add a Peering Connection]

@@ -400,7 +400,8 @@ The following features are currently in beta in Redpanda Cloud:
 
 * BYOVNet for Azure
 * Secrets management for BYOVPC on GCP
-* Several Redpanda Connect components 
+* Centralized egress for BYOC on AWS and GCP
+* Several Redpanda Connect components
 
 include::shared:partial$suggested-video.adoc[]
 

@@ -45,6 +45,11 @@ Optionally, click *Advanced settings* to specify up to five key-value custom GCP
 ** Clusters with private networking include a setting for API Gateway network access. Public access exposes endpoints for Redpanda Console, the Data Plane API, but they remain protected by your authentication and authorization controls. Private access restricts endpoint access to your VPC only.
 +
 NOTE: After the cluster is created, you can change the API Gateway access on the Dataplane settings page. If you change from public to private access, users without VPN access to the Redpanda VPC will lose access to these services.
++
+[TIP]
+====
+To route all cluster egress through your own GCP hub VPC and NAT VM instead of a per-cluster Cloud NAT, enter the *Hub VPC name* and *Hub project ID* on this page. These fields are only available on clusters with a private connection type, and are only visible if centralized egress is enabled for your organization. This option is in beta. See xref:networking:byoc/gcp/nat-free-egress.adoc[].
+====
 . Click *Next*.
 . On the Deploy page, follow the steps to log in to Redpanda Cloud and deploy the agent.
 +

@@ -8,6 +8,10 @@ This page lists new features added to Redpanda Cloud.
 
 == June 2026
 
+=== Centralized egress for BYOC on GCP: beta
+
+You can route all GCP BYOC cluster egress through your own GCP hub VPC and NAT VM instead of a per-cluster Cloud NAT, so outbound traffic exits through your centralized inspection point. This is useful for regulated environments that require a single, predictable public IP for outbound allowlisting or that prohibit per-cluster Cloud NAT. Centralized egress is in a glossterm:beta[] release and is enabled per organization. Contact your account team for access. See xref:networking:byoc/gcp/nat-free-egress.adoc[Configure Centralized Egress with GCP VPC Peering].
+
 === GCP Lakehouse catalog for Iceberg topics
 
 BYOC clusters on GCP can now use GCP Lakehouse as an Iceberg REST catalog. See xref:manage:iceberg/iceberg-topics-gcp-biglake.adoc[].

@@ -131,9 +131,12 @@ curl -d \
 // to route all cluster egress through a customer-owned Transit Gateway.
 // It is gated behind `:show-preview-api:` while the field is in preview.
 // To enable, set the attribute in the playbook or in this page header.
+// The GCP BYOC network example adds `egress_spec.gcp.hub_vpc_project` and
+// `egress_spec.gcp.hub_vpc_name` for centralized egress through a hub VPC.
+// Also gated behind `:show-preview-api:`.
 ifdef::show-preview-api[]
 
-To route all cluster egress through your own AWS Transit Gateway and hub VPC instead of a per-VPC NAT Gateway, set `egress_spec.aws.transit_gateway_id` on an AWS BYOC network. Centralized egress is in beta. The Transit Gateway ID is immutable after the network is created. Before calling this endpoint, provision the hub VPC and Transit Gateway and share the Transit Gateway with the Redpanda cluster account. See xref:networking:byoc/aws/aws-hub-egress.adoc[Create an AWS Hub for Centralized Egress] and xref:networking:byoc/aws/nat-free-egress.adoc[Configure Centralized Egress with AWS Transit Gateway].
+To route all cluster egress through your own AWS Transit Gateway and hub VPC instead of a per-VPC NAT Gateway, set `egress_spec.aws.transit_gateway_id` on an AWS BYOC network. Centralized egress is in beta. Before calling this endpoint, provision the hub VPC and Transit Gateway and share the Transit Gateway with the Redpanda cluster account. See xref:networking:byoc/aws/aws-hub-egress.adoc[Create an AWS Hub for Centralized Egress] and xref:networking:byoc/aws/nat-free-egress.adoc[Configure Centralized Egress with AWS Transit Gateway].
 
 [,bash]
 ----
@@ -155,6 +158,30 @@ curl -d \
 }' -H "Content-Type: application/json" \
 -H "Authorization: Bearer <token>" -X POST https://api.redpanda.com/v1/networks
 ----
+
+To route all cluster egress through your own GCP hub VPC and NAT VM instead of a per-cluster Cloud NAT, set `egress_spec.gcp.hub_vpc_project` and `egress_spec.gcp.hub_vpc_name` on a GCP BYOC network. Centralized egress is in beta. Before calling this endpoint, provision the hub VPC and NAT VM. See xref:networking:byoc/gcp/gcp-hub-egress.adoc[Create a GCP Hub for Centralized Egress] and xref:networking:byoc/gcp/nat-free-egress.adoc[Configure Centralized Egress with GCP VPC Peering].
+
+[,bash]
+----
+curl -d \
+'{
+  "network": {
+    "cidr_block": "10.0.0.0/20",
+    "cloud_provider": "CLOUD_PROVIDER_GCP",
+    "cluster_type": "TYPE_BYOC",
+    "name": "<network-name>",
+    "resource_group_id": "<resource-group-id>",
+    "region": "us-west1",
+    "egress_spec": {
+      "gcp": {
+        "hub_vpc_project": "<hub-gcp-project-id>",
+        "hub_vpc_name": "<hub-vpc-name>"
+      }
+    }
+  }
+}' -H "Content-Type: application/json" \
+-H "Authorization: Bearer <token>" -X POST https://api.redpanda.com/v1/networks
+----
 endif::[]
 endif::[]