I have an API which is deployed in GKE and exposed via Cloud Endpoints with ESPv2. I have secured the API using API key as of now and its available via internet. Is there any possible way I can apply some firewall rules that the endpoint is available only from a certain network or range of IPs ?
You need to define an ingress with a global HTTPS load balancer in front of your ESPv2 service.
Then, you can activate Cloud Armor and set policies to filter the IPs and ranges that you want