| 1 | +// Module included in the following assemblies: |
| 2 | +// |
| 3 | +// * installing/installing_gcp/installing-gcp-customizations.adoc |
| 4 | +// * installing/installing_gcp/installing-gcp-network-customizations.adoc |
| 5 | +// * installing/installing_gcp/installing-gcp-private.adoc |
| 6 | +// * installing/installing_gcp/installing-gcp-vpc.adoc |
| 7 | +// * installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc |
| 8 | +// * installing/installing_gcp/installing-gcp-user-infra.adoc |
| 9 | +// * installing/installing_gcp/installing-gcp-user-infra-vpc.adoc |
| 10 | +// * installing/installing_gcp/installing-restricted-networks-gcp.adoc |
| 11 | + |
| 12 | +:_mod-docs-content-type: PROCEDURE |
| 13 | +[id="installation-gcp-enabling-confidential-vms_{context}"] |
| 14 | += Enabling Confidential VMs |
| 15 | + |
| 16 | +You can use Confidential VMs when installing your cluster. Confidential VMs encrypt data while it is being processed. For more information, see Google's documentation on link:https://cloud.google.com/confidential-computing[Confidential Computing]. You can enable Confidential VMs and Shielded VMs at the same time, although they are not dependent on each other. |
| 17 | + |
| 18 | +[NOTE] |
| 19 | +==== |
| 20 | +Confidential VMs are currently not supported on 64-bit ARM architectures. |
| 21 | +==== |
| 22 | + |
| 23 | +.Procedure |
| 24 | + |
| 25 | +* Use a text editor to edit the `install-config.yaml` file prior to deploying your cluster and add one of the following stanzas: |
| 26 | +.. To use confidential VMs for only control plane machines: |
| 27 | ++ |
| 28 | +[source,yaml] |
| 29 | +---- |
| 30 | +controlPlane: |
| 31 | + platform: |
| 32 | + gcp: |
| 33 | + confidentialCompute: Enabled <1> |
| 34 | + type: n2d-standard-8 <2> |
| 35 | + onHostMaintenance: Terminate <3> |
| 36 | +---- |
| 37 | +<1> Enable confidential VMs. |
| 38 | +<2> Specify a machine type that supports Confidential VMs. Confidential VMs require the N2D or C2D series of machine types. For more information on supported machine types, see link:https://cloud.google.com/compute/confidential-vm/docs/os-and-machine-type#machine-type[Supported operating systems and machine types]. |
| 39 | +<3> Specify the behavior of the VM during a host maintenance event, such as a hardware or software update. For a machine that uses Confidential VM, this value must be set to `Terminate`, which stops the VM. Confidential VMs do not support live VM migration. |
| 40 | ++ |
| 41 | +.. To use confidential VMs for only compute machines: |
| 42 | ++ |
| 43 | +[source,yaml] |
| 44 | +---- |
| 45 | +compute: |
| 46 | +- platform: |
| 47 | + gcp: |
| 48 | + confidentialCompute: Enabled |
| 49 | + type: n2d-standard-8 |
| 50 | + onHostMaintenance: Terminate |
| 51 | +---- |
| 52 | ++ |
| 53 | +.. To use confidential VMs for all machines: |
| 54 | ++ |
| 55 | +[source,yaml] |
| 56 | +---- |
| 57 | +platform: |
| 58 | + gcp: |
| 59 | + defaultMachinePlatform: |
| 60 | + confidentialCompute: Enabled |
| 61 | + type: n2d-standard-8 |
| 62 | + onHostMaintenance: Terminate |
| 63 | +---- |
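Review bot: only the first stanza (control plane) carries the `<1>`..`<3>` callouts; the compute-only stanza (lines 41-51) and the all-machines stanza (lines 53-63) repeat `type: n2d-standard-8` and `onHostMaintenance: Terminate` with no explanation, so a reader who copies either of those directly misses that the machine type must be N2D or C2D and that `Terminate` is mandatory because Confidential VMs do not support live migration. Suggest either adding the same callouts to each stanza or moving the requirement text above the list so it applies to all three. Two smaller points: since `Terminate` stops the VM on a host maintenance event, a sentence on the availability implication for control plane nodes (several masters can be stopped for maintenance) would help operators plan; and as rendered here the nested YAML keys (`platform:`, `gcp:`, `confidentialCompute:`) all sit at a single space of indentation, which would not parse as the intended nesting, so please confirm the indentation in the source file matches the structure described.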