Personas

This page provides an overview of the prior knowledge recommended before implementing the architecture, the personas who own each part of the deployment, and how to navigate this documentation.

Before You Begin

This documentation describes NVIDIA’s reference architecture and deployment recommendations for the upstream CNCF Confidential Containers project with NVIDIA GPUs. Understanding the upstream project’s goals, architecture, and threat model gives you the context needed to understand the architecture decisions described in this documentation.

Before using this documentation, you should be familiar with:

  • Confidential Containers concepts outlined in the upstream Confidential Containers documentation, including the trust model, attestation flow, and key features such as sealed secrets and encrypted container images. Start there if you are new to Confidential Computing on Kubernetes.

  • Kubernetes administration and deployment experience, including deploying workloads, using kubectl, and installing components with Helm. Refer to the Kubernetes documentation if you need a foundation.

  • Confidential Computing hardware, including familiarity with AMD SEV-SNP or Intel TDX and an understanding of which technology your target hardware uses.

The documentation on this site is specific to deploying Confidential Containers on NVIDIA GPUs with Kata Containers and the NVIDIA GPU Operator. It covers the steps you take to enable and configure these components on your cluster to align with the NVIDIA Reference Architecture for Confidential Containers. For more advanced Confidential Containers topics, refer to the upstream Confidential Containers documentation.

Personas

The personas used throughout this documentation describe who is responsible for each stage of enabling and managing Confidential Computing, from hardware selection through workload deployment. Depending on your role, you may complete several sections or only a subset.

| Persona | Responsibilities | Start here |
| --- | --- | --- |
| Hardware IT Administrator | Selects Confidential Computing-capable CPU and GPU hardware and configures BIOS/UEFI settings. | Supported Platforms |
| Host OS Administrator | Prepares the host operating system after hardware and BIOS configuration are complete. | Supported Platforms |
| Kubernetes Cluster Administrator | Installs and manages the Kubernetes cluster and the Confidential Containers software stack. | Prerequisites |
| Security Engineer | Validates Confidential Computing configuration, attestation policy, and secret release for workloads. | Attestation Quickstart |
| Container User | Deploys confidential GPU workloads on a prepared cluster. | Configuring Workloads |

Hardware IT Administrator

The Hardware IT Administrator works near the beginning of the Confidential Computing workflow. This persona selects the correct CPU and GPU part numbers and configures BIOS/UEFI settings for subsequent steps. Typical roles include system architect and IT administrator.

Relevant pages in this documentation:

  • Supported Platforms: validated CPU, GPU, OS, and component version combinations that NVIDIA has tested with Confidential Containers.

For BIOS configuration and hardware setup, refer to the NVIDIA Confidential Computing Deployment Guide Hardware IT Administrator section.

Host OS Administrator

The Host OS Administrator receives a system with BIOS/UEFI configured for Confidential Computing and prepares the host operating system. This persona is responsible for host OS selection, initial configuration, and validation before confidential workloads can run. Typical roles include system architect, cloud administrator, or advanced on-premises user.

Relevant pages in this documentation:

For host OS setup, refer to the NVIDIA Confidential Computing Deployment Guide Host OS Administrator section.

Kubernetes Cluster Administrator

The Kubernetes Cluster Administrator is responsible for installing and managing the Kubernetes cluster and the Confidential Containers software stack. This persona could be a platform engineer with cluster-admin access to the API, host access to worker nodes, and familiarity with Helm and kubectl. This persona performs the initial deployment and is responsible for day-two operations such as upgrades and Confidential Computing mode changes.

Relevant pages:

Security Engineer

The Security Engineer might or might not be the Kubernetes Cluster Administrator. Their work may cover attestation services, reference values, policies, and secret release for confidential workloads. Typical roles include security engineer, platform security, or DevSecOps.

Relevant pages:

  • Reference Architecture: understand the use cases, trust model, and how workloads are isolated from the infrastructure.

  • Attestation Quickstart: stand up a local Trustee instance and verify connectivity. Attestation is required for workloads that use secrets, encrypted container images, or authenticated registries.

For production attestation workflows, secret management, and policy configuration, refer to the upstream Confidential Containers attestation documentation.

Container User

The Container User deploys confidential applications on a system that is already configured for Confidential Computing. In this documentation, that means deploying confidential GPU workloads with Kubernetes manifests on a cluster that the Kubernetes Cluster Administrator has prepared. This persona works primarily with Kubernetes workload manifests and does not require host access to worker nodes.

Relevant pages:

  • Configuring Workloads: runtime class selection, GPU and NVSwitch resource types, and single- or multi-GPU passthrough manifests.

  • Run a Sample Workload: run the reference workload to confirm the cluster is ready before deploying your own application.

  • Advanced Setup Overview: choose attestation, CC mode, and workload configuration topics after install.