I believe you may be confusing few things so let me explain what's what.
There's no such distinctiomn in GCP services as Public (or external) and internal.
Some of the - like Load Balancers are designed to work both ways - depending on what you need. Sometime you want to distribute big amounts of traffic between you VM's (or other backend services) and sometimes between your VM's in you project or just a single VPC network.
Buckets store data - by default they are visible only to people that have permisions to read their contents. To make them available from Internet you have to explicitly make that choice and assign specific permissions (hardly something that can be done accidentally).
VM instances by default get Public IP (however it's NAT'ed). You can choose to get only internal IP - this way they are only visible to other VM's in the same VPC network.
Forwarding rules and backend services are a part of Load Balancers which I explained earlier.
Cluster is a group of VM's working together to achieve better scalability for your services. By default single VM's in the GKE cluster get external IP and can be accessed from the Internet but you can choose for them to only have internal IP's. In this case you can really get Private or Public cluster.
Storage - there are several options here - buckets are just one of them. Most widely used are disks used to run and store data in your VM's. They however are designed to be available to VM's inside GCP.
There are many other GCP services - have a look at linked documentaiton to understand the basics.
