GKE supports private clusters with private masters and Cloud Router can be used to exchange routes with an on-premises network using BGP.
Can I use Cloud Router to share the routes necessary to allow me to connect to a private master endpoint from on-premises? If so, do I need to use any particular configuration options for Cloud Router (e.g. global dynamic routing)?
The private master end point is an IP that belongs to the master's project and is being peered with the GKE cluster project. This means the same limitation on network peering you see with normal VPC networks apply.
If you would like to interact with the master endpoint, you can do so using the external endpoint. If you have security concerns, you can use master authorized networks to make sure that only the CIDR you want to allow can interact with the endpoint.