Run a vTPM in Confidential GKE Nodes workloads

This page shows you how to use Virtual Trusted Platform Modules (vTPMs) with Google Kubernetes Engine (GKE) Standard workloads that run in Confidential GKE Nodes. vTPMs provide platform integrity along with other security features, such as remote attestation, secret sealing, and random number generation. On this page, you learn how to install a device plugin and make vTPMs visible to GKE applications.

This page is intended for security engineers who want to remotely access the security features of vTPMs in GKE applications.

Before reading this page, ensure that you're familiar with the following features:

Before you begin

Before you start, make sure that you have performed the following tasks:

  • Enable the Google Kubernetes Engine API.
  • If you want to use the Google Cloud CLI for this task, install and then initialize the gcloud CLI. If you previously installed the gcloud CLI, get the latest version by running the gcloud components update command. Earlier gcloud CLI versions might not support running the commands in this document.

    Note: For existing gcloud CLI installations, make sure to set the compute/region property. If you use primarily zonal clusters, set the compute/zone property instead. By setting a default location, you can avoid errors in the gcloud CLI like the following: One of [--zone, --region] must be supplied: Please specify location. You might need to specify the location in certain commands if the location of your cluster differs from the default that you set.

Limitations

You can make vTPMs visible to GKE applications only in Confidential GKE Nodes that use AMD SEV as the Confidential Computing technology. Intel TDX and AMD SEV-SNP aren't supported.

Availability

You can use Confidential GKE Nodes under the following conditions:

Create a Confidential GKE Nodes cluster

You can create a new cluster with Confidential GKE Nodes enabled by using the gcloud CLI or the Google Cloud console. If you enable Confidential GKE Nodes at cluster level, all the nodes in the cluster become Confidential VMs.

gcloud

Create a new cluster that uses AMD SEV as the Confidential Computingtechnology:

gcloud container clusters create CLUSTER_NAME \
    --machine-type=MACHINE_TYPE \
    --confidential-node-type=SEV

Replace the following:

  • CLUSTER_NAME: the name of your new cluster.
  • MACHINE_TYPE: the machine type for your cluster's default node pool, which must be either the N2D or C2D machine type.

Console

  1. In the Google Cloud console, go to the Create a Kubernetes cluster page.


  2. In the navigation menu, under Cluster, click Security.
  3. Select Enable Confidential GKE Nodes.
  4. In the confirmation dialog, click Make changes.
  5. In the Type menu, select AMD SEV.
  6. For configuring other sections of the cluster, follow the instructions in Creating a regional cluster.
  7. Click Create.

After creating a cluster with Confidential GKE Nodes, any node pools created in this cluster can only use confidential nodes. You can't create regular node pools in clusters with Confidential GKE Nodes enabled. You also can't disable Confidential GKE Nodes on individual node pools when you enable Confidential GKE Nodes at cluster level.

Run a vTPM in Confidential GKE Nodes workloads

To run a vTPM in Confidential GKE Nodes workloads, Google provides a DaemonSet to apply to Confidential GKE Nodes clusters. Run the following command to deploy the DaemonSet:

kubectl create -f https://raw.githubusercontent.com/google/cc-device-plugin/main/manifests/cc-device-plugin.yaml

Configure Pods to see the vTPM

You use a resource limit to configure Pods to see the vTPM. Specify the resource limit as 1 in a Pod specification using the following key-value pair:

  • Key:google.com/cc
  • Value: 1

An example of a Pod specification that uses vTPM:

apiVersion: v1
kind: Pod
metadata:
  name: my-vtpm-pod
spec:
  containers:
  - name: nginx
    image: nginx
    ports:
    - containerPort: 8080
      name: http
    resources:
      limits:
        google.com/cc: 1
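The Pod specification above only makes the vTPM visible; it does not show a workload using it. The following script, an added example that is not code from the original page or from the cc-device-plugin project, runs inside such a Pod and exercises one of the features named at the top of this page, random number generation, by marshalling a raw TPM2_GetRandom command and sending it over the TPM character device. It assumes the plugin exposes the kernel TPM node at /dev/tpmrm0 or /dev/tpm0 inside the container (adjust TPM_DEVICE_CANDIDATES if your plugin version differs), and it treats a missing device node as the tell-tale of a Pod that did not request google.com/cc or a node without the DaemonSet.

```python
"""Read random bytes from the vTPM that the cc-device-plugin exposes to a Pod.

Added example, not code from the original page or from the cc-device-plugin
project. It speaks the raw TPM 2.0 command format over the TPM character
device, so it needs no TPM library. Assumptions are marked below.
"""
import os
import struct

# TPM 2.0 constants (TPM Library Specification, Part 2: Structures).
TPM_ST_NO_SESSIONS = 0x8001    # command/response tag, no authorization sessions
TPM_CC_GETRANDOM = 0x0000017B  # TPM2_GetRandom command code
TPM_RC_SUCCESS = 0x00000000

# Assumption: the device plugin makes the kernel TPM device visible inside the
# container at one of these paths (/dev/tpmrm0 is the resource-managed node,
# /dev/tpm0 the raw one). Adjust if your plugin version exposes a different node.
TPM_DEVICE_CANDIDATES = ("/dev/tpmrm0", "/dev/tpm0")

# Header: tag (UINT16) | commandSize/responseSize (UINT32) | commandCode/responseCode (UINT32)
HEADER = struct.Struct(">HII")


def build_get_random(bytes_requested: int) -> bytes:
    """Marshal a TPM2_GetRandom command: header followed by bytesRequested (UINT16)."""
    if not 0 < bytes_requested <= 0xFFFF:
        raise ValueError("bytesRequested must be 1..65535")
    body = struct.pack(">H", bytes_requested)
    return HEADER.pack(TPM_ST_NO_SESSIONS, HEADER.size + len(body), TPM_CC_GETRANDOM) + body


def parse_get_random_response(resp: bytes) -> bytes:
    """Unmarshal a TPM2_GetRandom response: header, then TPM2B_DIGEST
    (size UINT16 + randomBytes). Raises on a malformed or failing response."""
    if len(resp) < HEADER.size:
        raise ValueError("response header truncated")
    tag, size, rc = HEADER.unpack_from(resp)
    if size != len(resp):
        raise ValueError(f"responseSize {size} does not match {len(resp)} bytes received")
    if rc != TPM_RC_SUCCESS:
        raise RuntimeError(f"TPM2_GetRandom failed with response code 0x{rc:08x}")
    if tag != TPM_ST_NO_SESSIONS:
        raise ValueError(f"unexpected response tag 0x{tag:04x}")
    if len(resp) < HEADER.size + 2:
        raise ValueError("TPM2B_DIGEST size field truncated")
    (n,) = struct.unpack_from(">H", resp, HEADER.size)
    random_bytes = resp[HEADER.size + 2:HEADER.size + 2 + n]
    if len(random_bytes) != n:
        raise ValueError("randomBytes buffer truncated")
    return bytes(random_bytes)


def find_tpm_device() -> str:
    """Locate the TPM device node. A missing node almost always means the Pod
    did not request the google.com/cc resource or the plugin DaemonSet is not running."""
    for path in TPM_DEVICE_CANDIDATES:
        if os.path.exists(path):
            return path
    raise FileNotFoundError(
        "no TPM device node in this container; check that the Pod sets "
        "resources.limits['google.com/cc'] = 1 and that the cc-device-plugin "
        "DaemonSet is running on the node")


def tpm_transmit(fd: int, command: bytes) -> bytes:
    """Send one command and read its response on an open TPM device descriptor."""
    written = os.write(fd, command)
    if written != len(command):
        raise OSError(f"short write to TPM device ({written} of {len(command)} bytes)")
    return os.read(fd, 4096)


def get_random(n: int, device: str = "") -> bytes:
    """Collect n random bytes from the vTPM. Requests at most 32 bytes per
    command and loops, because a TPM may legitimately return fewer bytes than
    asked for (the limit is the size of its largest supported digest)."""
    device = device or find_tpm_device()
    out = bytearray()
    fd = os.open(device, os.O_RDWR)
    try:
        while len(out) < n:
            want = min(32, n - len(out))
            chunk = parse_get_random_response(tpm_transmit(fd, build_get_random(want)))
            if not chunk:
                raise RuntimeError("TPM returned zero random bytes; refusing to spin")
            out += chunk
    finally:
        os.close(fd)
    return bytes(out)


if __name__ == "__main__":
    # Run inside a Pod that requested google.com/cc: 1.
    print(get_random(32).hex())
```

Run it from a container in a Pod whose spec carries the google.com/cc limit; run it from a Pod without that limit and the FileNotFoundError message tells you why the device is absent. The marshalling and parsing functions are pure, so they can be checked against constructed byte strings without a TPM, which is also the quickest way to confirm the script before shipping it into a cluster.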

What's next

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-02-19 UTC.