Google Announced An Expansion Of Its Confidential Computing Portfolio Cybers Guards

Built on the same technology foundation as Confidential VMs, Confidential GKE Nodes help organizations keep data encrypted in memory using a node-specific dedicated key. Confidential GKE Nodes, the second product in Google's Confidential Computing portfolio, will enter beta when GKE 1.18 is released, which should provide more confidential workload options for organizations looking to use Kubernetes clusters with GKE. This automatically enforces the use of Confidential VMs for all worker nodes on clusters that use Confidential GKE Nodes. New features the internet giant introduced for Confidential VMs include compliance audit reports (including comprehensive documentation on the integrity of the key generation firmware), new policy controls on confidential computing resources, integration with other enforcement mechanisms, and the ability to securely exchange secrets with Confidential VMs. This key is generated and managed by the AMD EPYC processor, Google explains. Organizations can now, through the IAM Org Policy, define specific access privileges for Confidential VMs and may disable non-confidential VMs within the project. According to Google, Confidential GKE Nodes use hardware memory encryption based on the Secure Encrypted Virtualization feature of AMD EPYC CPUs, so all workloads on these nodes are encrypted while in use. In addition, they can combine shared VPCs, policy constraints, and firewall rules so that only Confidential VM interaction is allowed or a perimeter of GCP resources is specified for VMs. Now, Confidential VMs ensure secure exchange of information via the virtual Trusted Platform Module (vTPM).
Confidential VMs often provide high performance, even for demanding computational tasks, according to Google, and ensure that VM memory remains encrypted (using a per-VM key generated and managed by the secure processor within AMD EPYC chips). The new software will allow organizations to configure a GKE cluster to deploy only node pools that have Confidential VM capabilities. Confidential VMs, launched in beta in July, was the first product in the Google Cloud Confidential Computing portfolio, and Google is making it available to all Google Cloud customers in the coming weeks. Confidential VMs also use memory encryption to separate workloads and tenants, providing an easy-to-use option to ensure workload memory is safe in Google Compute Engine. In addition, the go-tpm open source library helps organizations bind secrets to a Confidential VM's vTPM using APIs. The product will include all of the functionality added during the beta stage.
