Encrypt workload data in-use with Confidential GKE Nodes

This page shows you how to enforce encryption of data in-use in your nodes and workloads by using Confidential Google Kubernetes Engine Nodes. Enforcing encryption can help increase the security of your workloads.

This page is for Security specialists who implement security measures on GKE. To learn more about common roles and example tasks that we reference in Google Cloud content, see Common GKE user roles and tasks.

Before reading this page, ensure that you're familiar with the concept of data-in-use.

What is Confidential GKE Nodes?

You can encrypt your workloads with Confidential GKE Nodes or Confidential mode for Hyperdisk Balanced.

Confidential GKE Nodes

Confidential GKE Nodes uses Compute Engine Confidential VM to protect data in use with hardware-based memory encryption. Confidential GKE Nodes supports the following Confidential Computing technologies:

  • AMD Secure Encrypted Virtualization (SEV)
  • AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP)
  • Intel Trust Domain Extensions (TDX)

For more information about these technologies and for help choosing the optimal technology for your requirements, see the Confidential VM overview.

Confidential GKE Nodes doesn't change the security measures that GKE applies to cluster control planes. To learn about these measures, see Control plane security. For visibility over who accesses control planes in your Google Cloud projects, use Access Transparency.

You can enable Confidential GKE Nodes for entire clusters, for specific node pools, or for specific workloads. The following table describes these enablement methods:

Workload level

  Description: Configure Confidential GKE Nodes in a ComputeClass, and then select that ComputeClass in a workload. GKE creates nodes that use that configuration to run your Pods.

  Behavior: The workload setting supports any of the following Confidential Computing technologies, regardless of the cluster mode or the type of node pool:

  • AMD SEV
  • AMD SEV-SNP
  • Intel TDX

Cluster level

  Description: This setting is irreversible.

  Enable Confidential GKE Nodes when you create a new Autopilot or Standard cluster. All of the nodes in the cluster use Confidential GKE Nodes. You can't override the cluster setting for individual node pools or workloads.

  Behavior: The supported technologies at the cluster level depend on the cluster mode of operation, as follows:

  • Autopilot clusters: AMD SEV
  • Standard clusters:
    • AMD SEV
    • AMD SEV-SNP
    • Intel TDX

Node pool level

  Description: Enable Confidential GKE Nodes when you create a new node pool in a Standard cluster. You can use this method only if Confidential GKE Nodes is disabled at the cluster level.

  Behavior: The supported technologies at the node pool level depend on whether the node pool uses node auto-provisioning, as follows:

  • Manually created node pools:
    • AMD SEV
    • AMD SEV-SNP
    • Intel TDX
  • Auto-provisioned node pools:
    • AMD SEV
    • AMD SEV-SNP

Confidential mode for Hyperdisk Balanced

You can also enable Confidential mode for Hyperdisk Balanced on your boot disk storage, which encrypts your data on additional hardware-backed enclaves.

You can enable Confidential mode for Hyperdisk Balanced when doing one of the following:

  • Create a new cluster
  • Create a new node pool

You cannot update an existing cluster or a node pool to change the Confidential mode for Hyperdisk Balanced setting.

The following table shows you the GKE behavior that applies when you enable the Confidential mode for Hyperdisk Balanced setting at the cluster level or at the node pool level:

Cluster level

  How to configure: Create a new cluster.

  Behavior: Only the default node pool in the cluster will use the Confidential mode for Hyperdisk Balanced setting. You cannot do the following:

  • Disable the Confidential mode for Hyperdisk Balanced setting for an existing node pool in the cluster
  • Enable the Confidential mode for Hyperdisk Balanced setting on existing clusters

Node pool level

  How to configure: Create a new node pool.

  Behavior: You can configure the Confidential mode for Hyperdisk Balanced setting for any new node pools at creation time. You can't update existing node pools to use the Confidential mode for Hyperdisk Balanced setting.

Pricing

The following pricing applies, depending on how you configure Confidential GKE Nodes:

Confidential GKE Nodes pricing
Workload-level

In Autopilot workloads, both of the following costs apply:

  • Autopilot node-based billing for the Compute Engine machine series that the Pods run on. For more information, see the "Pods that have specific hardware requirements" section in Google Kubernetes Engine pricing.
  • Confidential GKE Nodes pricing. For more information, see the "Confidential GKE Nodes on GKE Autopilot pricing" section in Confidential VM pricing.

In Standard workloads, both of the following costs apply:

Cluster-level

In Autopilot clusters, both of the following costs apply:

  • Balanced compute class pricing, because the default machine series in the cluster changes to N2D. For more information, see the "Balanced and Scale-Out compute class Pods" section in Google Kubernetes Engine pricing.
  • Confidential GKE Nodes pricing. For more information, see the "Confidential GKE Nodes on GKE Autopilot pricing" section in Confidential VM pricing.

In Standard clusters, both of the following costs apply:

Node pool level

In Standard node pools, the following costs apply:

Additionally, Confidential GKE Nodes might generate slightly more log data on startup than nodes that aren't Confidential GKE Nodes. For more information about logs pricing, see Pricing for Google Cloud Observability.

Before you begin

Before you start, make sure that you have performed the following tasks:

  • Enable the Google Kubernetes Engine API.
  • If you want to use the Google Cloud CLI for this task, install and then initialize the gcloud CLI. If you previously installed the gcloud CLI, get the latest version by running the gcloud components update command. Earlier gcloud CLI versions might not support running the commands in this document. Note: For existing gcloud CLI installations, make sure to set the compute/region property. If you use primarily zonal clusters, set the compute/zone property instead. By setting a default location, you can avoid errors in the gcloud CLI like the following: One of [--zone, --region] must be supplied: Please specify location. You might need to specify the location in certain commands if the location of your cluster differs from the default that you set.

Requirements

Confidential GKE Nodes has the following requirements:

  • Autopilot clusters must run GKE version 1.30.2 or later.
  • Standard clusters must run one of the following GKE versions, depending on the Confidential Computing technology and node operating system that you choose:

    • Container-Optimized OS:

      • AMD SEV: any GKE version.
      • AMD SEV-SNP: 1.32.2-gke.1297000 or later.
      • Intel TDX: 1.32.2-gke.1297000 or later.
    • Ubuntu:

      • AMD SEV: 1.33.5-gke.1350000 or later and 1.34.1-gke.2037000 or later.
      • AMD SEV-SNP: 1.33.5-gke.1350000 or later and 1.34.1-gke.2037000 or later.
      • Intel TDX: 1.33.5-gke.1697000 or later and 1.34.1-gke.2909000 or later.
  • To enable Confidential GKE Nodes at the workload level, Autopilot and Standard clusters must run GKE version 1.33.3-gke.1392000 or later.

  • Nodes must use a machine type that supports the Confidential Computing technology that you choose. For more information, see Machine types, CPUs, and zones.

  • Cluster control planes and nodes must be in a location that supports the Confidential Computing technology that you choose. For more information, see View supported zones.

Configure Confidential GKE Nodes at the workload level

To enable Confidential GKE Nodes in individual workloads, you use a ComputeClass. ComputeClasses are Kubernetes custom resources that let you define the attributes of new nodes that GKE creates and let you control fallback behavior if hardware isn't available. ComputeClasses support all of the available Confidential Computing technologies for GKE, even if a specific technology isn't supported at the cluster or node pool level.

To configure Confidential GKE Nodes at the workload level, follow these steps:

  1. Optional: For GKE Standard clusters, enable node auto-provisioning for the cluster. For Autopilot clusters, skip this step.

    If you choose to use ComputeClasses with only manually created node pools, you must also manually configure node taints and node labels on those node pools. This additional manual configuration might result in you noticing fewer benefits from using a ComputeClass to create Confidential GKE Nodes.

  2. Save the following ComputeClass manifest as a YAML file. For more information about the supported fields and values for ComputeClasses, see the ComputeClass CustomResourceDefinition.

    apiVersion: cloud.google.com/v1
    kind: ComputeClass
    metadata:
      name: COMPUTE_CLASS
    spec:
      nodePoolConfig:
        confidentialNodeType: CONFIDENTIAL_COMPUTE_TECHNOLOGY
      nodePoolAutoCreation:
        enabled: true
      activeMigration:
        optimizeRulePriority: true
      priorityDefaults:
        location:
          zones: ['ZONE1','ZONE2']
      priorities:
      - machineFamily: MACHINE_SERIES
      - machineType: MACHINE_TYPE
      whenUnsatisfiable: DoNotScaleUp

    Replace the following:

    • COMPUTE_CLASS: a name for your new compute class.
    • CONFIDENTIAL_COMPUTE_TECHNOLOGY: the Confidential Computing technology to use. The following values are supported:

      • SEV for AMD SEV
      • SEV_SNP for AMD SEV-SNP
      • TDX for Intel TDX
    • ZONE1, ZONE2, ...: the zones to create nodes in, such as ['us-central1-a','us-central1-b']. Specify zones that support the Confidential Computing technology that you specified. For more information, see View supported zones.

    • MACHINE_SERIES: the machine series for the nodes, such as n2d. Specify a machine series that supports the Confidential Computing technology that you specified. For more information, see Machine types, CPUs, and zones.

    • MACHINE_TYPE: the machine type for the nodes, such as n2d-standard-4. Specify a machine type that supports the Confidential Computing technology that you specified. For more information, see Machine types, CPUs, and zones.

    This manifest includes the spec.nodePoolAutoCreation field with a value of enabled: true, which lets GKE create new node pools by using node auto-provisioning.

  3. Create the ComputeClass in your cluster:

    kubectl apply -f PATH_TO_COMPUTE_CLASS_MANIFEST

    Replace PATH_TO_COMPUTE_CLASS_MANIFEST with the path to the ComputeClass manifest file.

  4. Save the following Deployment manifest as a YAML file:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: helloweb
      labels:
        app: hello
    spec:
      selector:
        matchLabels:
          app: hello
      template:
        metadata:
          labels:
            app: hello
        spec:
          nodeSelector:
            # Replace with the name of a compute class
            cloud.google.com/compute-class: COMPUTE_CLASS
          containers:
          - name: hello-app
            image: us-docker.pkg.dev/google-samples/containers/gke/hello-app:1.0
            ports:
            - containerPort: 8080
            resources:
              requests:
                cpu: "250m"
                memory: "1Gi"

  5. Create the Deployment:

    kubectl apply -f PATH_TO_DEPLOYMENT_MANIFEST

    Replace PATH_TO_DEPLOYMENT_MANIFEST with the path to the Deployment manifest file.

New nodes that GKE creates for this workload use the Confidential Computing technology that you specified. These nodes run in one of the zones that you selected, on a machine type that you defined in the ComputeClass. GKE adds node taints and node labels so that only Pods that select the same ComputeClass can run on the nodes.

Configure Confidential GKE Nodes at the cluster level

Caution: Enabling Confidential GKE Nodes at the cluster level is irreversible.

You can enable Confidential GKE Nodes for an entire Autopilot or Standard cluster, which means that every node in the cluster uses Confidential GKE Nodes. As a result, all of the workloads that you deploy in that cluster run on Confidential GKE Nodes. You can't override the cluster setting in individual workloads or node pools.

Create a new Autopilot cluster

Autopilot clusters support only AMD SEV at the cluster level. When you enable Confidential GKE Nodes, the default machine series in the Autopilot cluster changes to N2D. All of your workloads run on these confidential nodes without needing to change your workload manifests.

Create a new Standard cluster

You can specify a Confidential Computing technology for your nodes when you create a Standard cluster. Specifying the technology when you create a cluster has the following effects:

  • You can create only node pools or workloads that use Confidential GKE Nodes in that cluster.
  • You can't update the cluster to disable Confidential GKE Nodes.
  • You can't override the cluster-level Confidential Computing technology in individual node pools or workloads.

Configuring a Confidential Computing setting at the cluster level is permanent. As a result, consider the following use cases before you create your cluster:

To create a Standard mode cluster that uses Confidential GKE Nodes, select one of the following options:

gcloud

When creating a new cluster, specify the --confidential-node-type option in the gcloud CLI:

gcloud container clusters create CLUSTER_NAME \
    --location=LOCATION \
    --machine-type=MACHINE_TYPE \
    --node-locations=ZONE1,ZONE2,... \
    --confidential-node-type=CONFIDENTIAL_COMPUTE_TECHNOLOGY

Replace the following:

  • CLUSTER_NAME: the name of your cluster.
  • LOCATION: the Compute Engine location for the cluster control plane. The location must support the Confidential Computing technology that you specify. For more information, see the Availability section.
  • MACHINE_TYPE: a machine type that supports the Confidential Computing technology that you specify. For more information, see the Availability section.
  • ZONE1, ZONE2, ...: a comma-separated list of zones in the control plane region that support the new Confidential Computing technology. For more information, see View supported zones.
  • CONFIDENTIAL_COMPUTE_TECHNOLOGY: the Confidential Computing technology to use. The following values are supported:

    • sev: AMD SEV
    • sev_snp: AMD SEV-SNP
    • tdx: Intel TDX

You can also use the --enable-confidential-nodes flag in your cluster creation command. If you specify only this flag in your command, the cluster uses AMD SEV. The machine type that you specify in the command must support AMD SEV. However, if you specify the --confidential-node-type flag in the same command, GKE uses the value that you specify in the --confidential-node-type flag.

Note: You can enable confidential mode on boot disk storage by passing the --enable-confidential-storage flag and --boot-disk-kms-key=KMS_KEY. For more information, see the KMS key documentation.

Console

  1. In the Google Cloud console, go to the Create a Kubernetes cluster page.

  2. In the navigation menu, in the Cluster section, click Security.

  3. Select the Enable Confidential GKE Nodes checkbox.

  4. In the Changes needed dialog, click Make changes.

  5. In the Type menu, select the Confidential Computing technology that you want to use.

    If the technology that you select requires a specific Compute Engine machine series, a dialog appears. Click Make changes to update the machine series for the node pool.

  6. In the navigation menu, in the Node pools section, click default-pool.

  7. In the Node pool details pane, do the following:

    1. Select the Specify node locations checkbox. A list of zones in the cluster's region appears.
    2. Select the checkboxes for zones that support the Confidential Computing technology that you selected for the nodes. For more information, see View supported zones.
  8. Click Create.

For more information about creating clusters, see Creating a regional cluster.

For any node pool created with the Confidential mode for Hyperdisk Balanced setting, only the nodes in the node pool are restricted to the setup configuration. For any new node pools created in the cluster, you must set up confidential mode at creation.

Configure node auto-provisioning

You can configure node auto-provisioning to use Confidential GKE Nodes in auto-provisioned node pools. Node auto-provisioning supports the following Confidential Computing technologies:

  • AMD SEV
  • AMD SEV-SNP

To use Confidential GKE Nodes with node auto-provisioning, specify the --enable-confidential-nodes gcloud CLI flag when you create a cluster. The following additional considerations apply:

  • When you create the cluster, choose a Confidential Computing technology that node auto-provisioning supports. This choice is irreversible at the cluster level.
  • When you enable node auto-provisioning on an existing cluster, the cluster must already use a Confidential GKE Nodes technology that node auto-provisioning supports.
  • When you deploy workloads, verify that the workloads select the Confidential Computing technology of the cluster and a compatible machine series for that technology.

Configure Confidential GKE Nodes at the node pool level

You can enable Confidential GKE Nodes on specific node pools if Confidential GKE Nodes is disabled at the cluster level.

The Confidential mode for Hyperdisk Balanced setting must be specified in the node pool creation request.

Create a new node pool

To create a new node pool with Confidential GKE Nodes enabled, select one of the following options:

gcloud

Run the following command:

gcloud container node-pools create NODE_POOL_NAME \
    --location=LOCATION \
    --cluster=CLUSTER_NAME \
    --machine-type=MACHINE_TYPE \
    --node-locations=ZONE1,ZONE2,... \
    --confidential-node-type=CONFIDENTIAL_COMPUTE_TECHNOLOGY

Note: You can enable confidential mode on boot disk storage by passing the --enable-confidential-storage flag and --boot-disk-kms-key=KMS_KEY. For more information, see the KMS key documentation.

Replace the following:

  • NODE_POOL_NAME: the name of your new node pool.
  • LOCATION: the location for your new node pool. The location must support the Confidential Computing technology that you specify. For details, see the Availability section.
  • CLUSTER_NAME: the name of your cluster.
  • MACHINE_TYPE: a machine type that supports the Confidential Computing technology that you specify. For details, see the Availability section.
  • ZONE1, ZONE2, ...: a comma-separated list of zones in the cluster region that support the new Confidential Computing technology. For more information, see View supported zones.
  • CONFIDENTIAL_COMPUTE_TECHNOLOGY: the Confidential Computing technology to use. The following values are supported:

    • sev: AMD SEV
    • sev_snp: AMD SEV-SNP
    • tdx: Intel TDX

You can also use the --enable-confidential-nodes flag in your cluster creation command. If you specify only this flag in your command, the cluster uses AMD SEV. The machine type that you specify in the command must support AMD SEV. However, if you specify the --confidential-node-type flag in the same command, GKE uses the value that you specify in the --confidential-node-type flag.

Console

  1. In the Google Cloud console, go to the Kubernetes clusters page:

  2. Click the name of your Standard cluster.

  3. Click Add node pool.

  4. In the navigation menu, click Security.

  5. In the Node security pane, do the following:

    1. Select the Enable Confidential GKE Nodes checkbox.
    2. In the Changes needed dialog, click Make changes.
    3. In the Type menu, select the Confidential Computing technology that you want to use.

      If the technology that you select requires a specific Compute Engine machine series, a dialog appears. Click Make changes to update the machine series for the node pool.

  6. In the navigation menu, click Node pool details.

  7. In the Node pool details pane, do the following:

    1. Select the Specify node locations checkbox. A list of zones in the cluster's region appears.
    2. Select the checkboxes for zones that support the Confidential Computing technology that you selected for the nodes. For more information, see View supported zones.
  8. Optional: Configure other settings for your node pool.

  9. Click Create.

Update an existing node pool

This change requires recreating the nodes, which can cause disruption to your running workloads. For details about this specific change, find the corresponding row in the manual changes that recreate the nodes using a node upgrade strategy without respecting maintenance policies table. To learn more about node updates, see Planning for node update disruptions.

Caution: GKE immediately begins recreating the nodes for this change using the node upgrade strategy, regardless of active maintenance policies. GKE depends on resource availability for the change. Disabling node auto-upgrades doesn't prevent this change. Ensure that your workloads running on the nodes are prepared for disruption before you initiate this change.

You can update existing node pools to use Confidential GKE Nodes or to switch the Confidential Computing technology that the nodes use. The node pool must meet all of the following requirements:

  • The nodes use a machine type that supports the chosen Confidential Computing technology.
  • The nodes run in zones that support the chosen Confidential Computing technology.

Because the machine type and location availability might vary between Confidential Computing technologies, you might need to update these attributes for your node pool before you enable a specific Confidential Computing technology.

To update an existing node pool to use Confidential GKE Nodes, select one of the following options:

gcloud

You can use the gcloud CLI to enable Confidential GKE Nodes on a node pool or to change the Confidential Computing technology of the nodes.

  1. If the node pool already uses Confidential GKE Nodes, disable Confidential GKE Nodes. Wait for the node pool update operation to complete.
  2. Change the node pool machine type and node locations to supported values for the new Confidential Computing technology:

    gcloud container node-pools update NODE_POOL_NAME \
        --cluster=CLUSTER_NAME \
        --location=CLUSTER_LOCATION \
        --machine-type=MACHINE_TYPE \
        --node-locations=ZONE1,ZONE2,...

    Replace the following:

    • NODE_POOL_NAME: the name of the existing node pool.
    • CLUSTER_NAME: the name of the cluster.
    • CLUSTER_LOCATION: the location of the cluster.
    • MACHINE_TYPE: a machine type that supports the new Confidential Computing technology. For more information, see the Availability section.
    • ZONE1, ZONE2, ...: a comma-separated list of zones in the cluster region that support the new Confidential Computing technology. For more information, see View supported zones.
  3. Update the node pool with the Confidential Computing technology to use:

    gcloud container node-pools update NODE_POOL_NAME \
        --cluster=CLUSTER_NAME \
        --location=CLUSTER_LOCATION \
        --confidential-node-type=CONFIDENTIAL_COMPUTE_TECHNOLOGY

    Replace CONFIDENTIAL_COMPUTE_TECHNOLOGY with the Confidential Computing technology to use. The following values are supported:

    • sev: AMD SEV
    • sev_snp: AMD SEV-SNP
    • tdx: Intel TDX

Console

You can update an existing node pool to use Confidential GKE Nodes only if the machine type of the node pool is supported by your chosen Confidential Computing technology. If the nodes don't use a supported machine type, use the gcloud CLI instructions in this section instead.

  1. In the Google Cloud console, go to the Kubernetes clusters page:

  2. Click the name of your Standard cluster.

  3. Click the Nodes tab.

  4. Click the name of the node pool that you want to modify.

  5. On the Node pool details page, click Edit. The Edit node pool pane opens.

  6. In the Zones section, verify that the selected zones support the Confidential Computing technology. For more information, see View supported zones.

    If a selected zone doesn't support the technology, do the following:

    1. Clear the checkbox for the unsupported zone.
    2. Optional: Select the checkboxes for other supported zones.
    3. Click Save. Wait for the node pool update operation to complete.
    4. Click Edit to reopen the Edit node pool pane.
  7. In the Security section, select the Enable Confidential GKE Nodes checkbox.

  8. In the Type menu, select the Confidential Computing technology for the nodes.

  9. Click Save.

Place workloads on only confidential node pools

If you enable Confidential GKE Nodes at the cluster level, all of your workloads run on confidential nodes. You don't need to make changes to your manifests. However, if you enable Confidential GKE Nodes only for specific Standard mode node pools at the node pool level, you should declaratively express that your workloads must run only on node pools with Confidential GKE Nodes.

  • To require that a workload runs on a specific Confidential Computing technology, use a node selector with the cloud.google.com/gke-confidential-nodes-instance-type label, like in the following example:

    apiVersion: v1
    kind: Pod
    spec:
      # For readability, lines are omitted from this example manifest
      nodeSelector:
        cloud.google.com/gke-confidential-nodes-instance-type: "CONFIDENTIAL_COMPUTE_SELECTOR"

    Replace CONFIDENTIAL_COMPUTE_SELECTOR with the name of the technology that the node pool uses. This field supports the following values, which you must specify in uppercase:

    • SEV: AMD SEV
    • SEV_SNP: AMD SEV-SNP
    • TDX: Intel TDX
  • To let a workload run on any confidential nodes, regardless of the Confidential Computing technology, use a node affinity rule, like in the following example:

    apiVersion: v1
    kind: Pod
    spec:
      containers:
      - name: confidential-app
        image: us-docker.pkg.dev/google-samples/containers/gke/hello-app:1.0
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: cloud.google.com/gke-confidential-nodes-instance-type
                operator: Exists
  • To let a workload run on nodes that use only a subset of the available Confidential Computing technologies, use a node affinity rule that's similar to the following example:

    apiVersion: v1
    kind: Pod
    spec:
      containers:
      - name: confidential-app
        image: us-docker.pkg.dev/google-samples/containers/gke/hello-app:1.0
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: cloud.google.com/gke-confidential-nodes-instance-type
                operator: In
                values:
                - SEV
                - SEV_SNP
                - TDX

    In the values field, specify only the Confidential Computing technologies that you want to run the workload on.

Verify that Confidential GKE Nodes is enabled

You can check whether your clusters or nodes use Confidential GKE Nodes by inspecting the clusters, node pools, nodes, or Compute Engine instances.

Verify for clusters

Select one of the following options:

gcloud

Describe the cluster:

gcloud container clusters describe CLUSTER_NAME \
    --location=CONTROL_PLANE_LOCATION \
    --format='yaml(confidentialNodes.confidentialInstanceType)'

If Confidential GKE Nodes is enabled, the output is similar to the following:

confidentialNodes:
  confidentialInstanceType: CONFIDENTIAL_COMPUTE_SELECTOR

Console

  1. In the Google Cloud console, go to the Kubernetes clusters page.

  2. Click the name of the cluster you want to inspect.

  3. In the Security section, verify that the Confidential GKE Nodes field has a value of Enabled.

Verify for node pools

Select one of the following options:

gcloud

Describe the node pool:

gcloud container node-pools describe NODE_POOL_NAME \
    --location=CONTROL_PLANE_LOCATION \
    --format='yaml(confidentialNodes.confidentialInstanceType,enableConfidentialStorage)'

If Confidential GKE Nodes is enabled, the output is similar to the following:

confidentialNodes:
  confidentialInstanceType: CONFIDENTIAL_COMPUTE_SELECTOR

If Confidential mode for Hyperdisk Balanced is also enabled, the output is similar to the following:

confidentialNodes:
  confidentialInstanceType: CONFIDENTIAL_COMPUTE_SELECTOR
enableConfidentialStorage: true

Console

  1. In the Google Cloud console, go to the Kubernetes clusters page.

  2. Click the name of the cluster you want to inspect.

  3. Click the name of a node pool.

  4. In the Security section, verify that the Confidential GKE Nodes field has a value of Enabled.

Verify for a specific node

  1. Find the node name:

    kubectl get nodes
  2. Describe the node:

    kubectl describe node NODE_NAME

    Replace NODE_NAME with the name of a node to inspect.

    The output is similar to the following:

    Name:               gke-cluster-1-default-pool-affsf335r-asdf
    Roles:              <none>
    Labels:             cloud.google.com/gke-boot-disk=pd-balanced
                        cloud.google.com/gke-container-runtime=containerd
                        cloud.google.com/gke-confidential-nodes-instance-type=CONFIDENTIAL_COMPUTE_SELECTOR
                        cloud.google.com/gke-nodepool=default-pool
                        cloud.google.com/gke-os-distribution=cos
                        cloud.google.com/machine-family=e2
    # lines omitted for clarity

    In this output, the cloud.google.com/gke-confidential-nodes-instance-type node label indicates that the node is a confidential node.
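The node label shown above is also what the node selector and node affinity rules in "Place workloads on only confidential node pools" key on. The following added example (not code from the Google Cloud page) audits both sides offline: it reads constructed `kubectl get nodes -o json` output to list nodes that lack the label, and it evaluates a Pod spec's nodeSelector / nodeAffinity to determine which Confidential Computing technologies the Pod is actually pinned to, following the three manifest patterns from that section. Node names, pool names and the container image are made up for the sample data.

```python
import json

# Node label that GKE adds to every confidential node (documented on the page).
CONF_LABEL = "cloud.google.com/gke-confidential-nodes-instance-type"
# Label values the page documents for the three technologies.
ALL_TECH = frozenset({"SEV", "SEV_SNP", "TDX"})

# Constructed sample of `kubectl get nodes -o json` output: a Standard cluster
# with one SEV-SNP node pool and one node pool without Confidential GKE Nodes.
SAMPLE_NODES_JSON = json.dumps({"items": [
    {"metadata": {"name": "gke-demo-conf-pool-1a2b3c4d-0001",
                  "labels": {CONF_LABEL: "SEV_SNP",
                             "cloud.google.com/gke-nodepool": "conf-pool"}}},
    {"metadata": {"name": "gke-demo-conf-pool-1a2b3c4d-0002",
                  "labels": {CONF_LABEL: "SEV_SNP",
                             "cloud.google.com/gke-nodepool": "conf-pool"}}},
    {"metadata": {"name": "gke-demo-default-pool-5e6f7a8b-0001",
                  "labels": {"cloud.google.com/gke-nodepool": "default-pool"}}},
]})

# Constructed Pod spec using the page's "subset of technologies" affinity form.
SAMPLE_POD_SPEC = {
    "containers": [{"name": "confidential-app", "image": "example/app:1.0"}],
    "affinity": {"nodeAffinity": {
        "requiredDuringSchedulingIgnoredDuringExecution": {
            "nodeSelectorTerms": [{"matchExpressions": [
                {"key": CONF_LABEL, "operator": "In",
                 "values": ["SEV", "SEV_SNP"]}]}]}}},
}


def node_technologies(nodes_json):
    """Map node name -> label value (None when the node is not confidential)."""
    doc = json.loads(nodes_json)
    return {item["metadata"]["name"]:
            item["metadata"].get("labels", {}).get(CONF_LABEL)
            for item in doc["items"]}


def non_confidential_nodes(nodes_json):
    """Nodes that lack the label, i.e. nodes whose memory is not encrypted."""
    return sorted(name for name, tech in node_technologies(nodes_json).items()
                  if tech is None)


def allowed_technologies(pod_spec):
    """Technologies a Pod may be scheduled on, or None if the spec does not
    pin it to confidential nodes at all.

    Handles the three patterns on the page: nodeSelector on the label,
    required nodeAffinity with operator Exists, and with operator In.
    nodeSelectorTerms are ORed by the scheduler, so a single term that does
    not mention the label lets the Pod land on any node; matchExpressions
    within one term are ANDed, so their value sets are intersected.
    """
    allowed = None
    selected = pod_spec.get("nodeSelector", {}).get(CONF_LABEL)
    if selected is not None:
        allowed = frozenset({selected})
    terms = (pod_spec.get("affinity", {}).get("nodeAffinity", {})
             .get("requiredDuringSchedulingIgnoredDuringExecution", {})
             .get("nodeSelectorTerms", []))
    if not terms:
        return allowed
    union = frozenset()
    for term in terms:
        term_allowed = None
        for expr in term.get("matchExpressions", []):
            if expr.get("key") != CONF_LABEL:
                continue
            if expr.get("operator") == "Exists":
                found = ALL_TECH
            elif expr.get("operator") == "In":
                found = frozenset(expr.get("values", []))
            else:
                continue  # NotIn / DoesNotExist never pin to confidential nodes
            term_allowed = found if term_allowed is None else term_allowed & found
        if term_allowed is None:
            return allowed  # an unconstrained term means affinity does not pin
        union |= term_allowed
    return union if allowed is None else allowed & union


def schedulable_nodes(nodes_json, pod_spec):
    """Nodes the Pod can land on, judged by the confidential-nodes label only."""
    allowed = allowed_technologies(pod_spec)
    return sorted(name for name, tech in node_technologies(nodes_json).items()
                  if allowed is None or tech in allowed)


if __name__ == "__main__":
    print("nodes without Confidential GKE Nodes:",
          non_confidential_nodes(SAMPLE_NODES_JSON))
    print("pod may run on:", sorted(allowed_technologies(SAMPLE_POD_SPEC)))
    print("eligible nodes:", schedulable_nodes(SAMPLE_NODES_JSON, SAMPLE_POD_SPEC))
```

An empty result from schedulable_nodes for a pinned Pod (for example a nodeSelector for SEV in a cluster whose confidential pool runs SEV-SNP) reproduces the Pending state you would see in the cluster, which is the failure mode to check for before rolling out the selector.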

Set organization policy constraints

You can define an organization policy constraint to ensure that all VM resources created across your organization are Confidential VM instances. For GKE, you can customize the Restrict Non-Confidential Computing constraint to require that all new clusters are created with one of the available Confidential Computing technologies enabled. Add the container.googleapis.com API Service name to the deny list when enforcing organization policy constraints, like in the following example:

gcloud resource-manager org-policies deny \
    constraints/compute.restrictNonConfidentialComputing \
    compute.googleapis.com container.googleapis.com \
    --project=PROJECT_ID

Replace PROJECT_ID with your project ID.

Create a PersistentVolume for Confidential mode for Hyperdisk Balanced

For guidance on allowable values for throughput or IOPS, see Plan the performance level for your Hyperdisk volume.

The following examples show how you can create a Confidential mode for Hyperdisk Balanced StorageClass for each Hyperdisk type:

Hyperdisk Balanced

  1. Save the following manifest in a file named confidential-hdb-example-class.yaml:

    apiVersion: storage.k8s.io/v1
    kind: StorageClass
    metadata:
      name: balanced-storage
    provisioner: pd.csi.storage.gke.io
    volumeBindingMode: WaitForFirstConsumer
    allowVolumeExpansion: true
    parameters:
      type: hyperdisk-balanced
      provisioned-throughput-on-create: "250Mi"
      provisioned-iops-on-create: "7000"
      # StorageClass parameters are strings, so the boolean must be quoted
      enable-confidential-storage: "true"
      disk-encryption-kms-key: "projects/KMS_PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/HSM_KEY_NAME"

    Replace the following:

    • KMS_PROJECT_ID: the project that owns the Cloud KMS key
    • REGION: the region where the disk is located
    • KEY_RING: the name of the key ring that includes the key
    • HSM_KEY_NAME: the name of the HSM key used to encrypt the disk
  2. Create the StorageClass:

    kubectl create -f confidential-hdb-example-class.yaml
  3. Create a Hyperdisk Persistent Volume Claim for GKE that uses your Confidential mode for Hyperdisk Balanced volume.

To find the name of the StorageClasses available in your cluster, run the following command:

kubectl get sc

Limitations

Confidential GKE Nodes has the following limitations:

Confidential mode for Hyperdisk Balanced has the following limitations:

Live migration limitations

Compute Engine Confidential VM instances that use the N2D machine type and use AMD SEV as the Confidential Computing technology support live migration, which minimizes the potential workload disruption from a host maintenance event. Live migration occurs in the following GKE versions:

  • 1.27.10-gke.1218000 and later
  • 1.28.6-gke.1393000 and later
  • 1.29.1-gke.1621000 and later

If your node pools were already running a supported version when live migration was added, manually upgrade the node pools to the same or a different supported version. Upgrading the nodes triggers node recreation, and the new nodes have live migration enabled.

For details about which Compute Engine machine types support live migration, see Supported configurations.

If a host maintenance event occurs on a node that doesn't support live migration, the node enters a NotReady state. Running Pods will experience disruptions until the node becomes ready again. If the maintenance takes more than five minutes, GKE might try to recreate the Pods on other nodes.

Disable Confidential GKE Nodes

This change requires recreating the nodes, which can cause disruption to your running workloads. For details about this specific change, find the corresponding row in the manual changes that recreate the nodes using a node upgrade strategy without respecting maintenance policies table. To learn more about node updates, see Planning for node update disruptions.

Caution: GKE immediately begins recreating the nodes for this change using the node upgrade strategy, regardless of active maintenance policies. GKE depends on resource availability for the change. Disabling node auto-upgrades doesn't prevent this change. Ensure that your workloads running on the nodes are prepared for disruption before you initiate this change.

You can only disable Confidential GKE Nodes in Standard mode node pools. If the node pool is in a cluster that uses Confidential GKE Nodes at the cluster level, you can't disable the feature at the node pool level. To disable Confidential GKE Nodes, select one of the following options:

gcloud

Run the following command:

gcloud container node-pools update NODE_POOL_NAME \
    --cluster=CLUSTER_NAME \
    --location=CLUSTER_LOCATION \
    --no-enable-confidential-nodes

Console

  1. In the Google Cloud console, go to the Kubernetes clusters page:

  2. Click the name of your Standard cluster.

  3. Click the Nodes tab.

  4. Click the name of the node pool that you want to modify.

  5. On the Node pool details page, click Edit. The Edit node pool pane opens.

  6. In the Security section, clear the Enable Confidential GKE Nodes checkbox.

  7. Click Save.

What's next

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-15 UTC.