Google Confidential GKE (Google Kubernetes Engine) enables enterprises to run containerised workloads where the node VMs are hardware-encrypted using AMD SEV-SNP or Intel TDX, protecting running workloads from the cloud infrastructure operator. For enterprises running sensitive workloads on GKE — healthcare data processing, financial model inference, PII handling — Confidential GKE provides data-in-use protection with minimal operational overhead beyond standard GKE management. This guide covers configuration, performance characteristics, and enterprise deployment patterns.
What Is Confidential GKE?
--enable-confidential-nodes to the node pool.
Confidential GKE Options: C3 (TDX) vs N2D (SEV-SNP)
| Option | Hardware | TEE | vCPU Range | Performance Overhead | Best For |
|---|---|---|---|---|---|
| C3 Confidential | Intel Sapphire Rapids | Intel TDX | 4–192 vCPU | 5–10% | Compute-intensive, newest hardware, AI inference |
| N2D Confidential | AMD EPYC Milan/Genoa | AMD SEV-SNP | 2–224 vCPU | 3–8% | Memory-intensive workloads, existing AMD workflows |
Enabling Confidential GKE
Enable confidential nodes via gcloud: gcloud container node-pools create confidential-pool --cluster=CLUSTER --machine-type=c3-standard-8 --enable-confidential-nodes --zone=us-central1-a. The node pool must use a machine type that supports Confidential VMs. Compatible node images: Container-Optimised OS (COS) or Ubuntu. Verify the confidential status of a node: gcloud compute instances describe NODE_NAME | grep -i confidential. Integrate the node-pool definition into your Terraform infrastructure-as-code.
Use Kubernetes node selectors and taints to schedule sensitive workloads exclusively to confidential nodes. Label the node pool with confidential-compute: "true" and taint it with the same key. In each sensitive pod spec, add nodeSelector: {confidential-compute: "true"} and the matching toleration. The selector ensures sensitive containers never run on non-confidential nodes by mistake; the taint keeps non-sensitive containers off the confidential pool. Document which workloads require confidential scheduling in your security architecture.
Combine Confidential GKE with Google Cloud KMS key policies that require confidential compute attestation. Use Workload Identity + KMS Key Access Conditions: compute.googleapis.com/confidentialComputing: "true". This ensures encryption keys are only accessible to workloads running in verified confidential nodes. Connect to your secrets management and DevOps security infrastructure.
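The node-pool and scheduling steps above, wired together as an added example that is not part of the original guide or of Google's tooling: the cluster, zone and pool names are assumptions, the machine type and flags are the ones the guide gives, and the two check functions are a pre-deploy manifest check and a post-provisioning node check that run on sample input.

```shell
# Added example, not code from the original guide or from Google's tooling.
# It wires the three steps above together: a labelled and tainted confidential
# node pool, a pod spec pinned to it, and checks for CI and post-provisioning.
# CLUSTER, ZONE and POOL are assumed names; confidential-compute is the label
# key the guide proposes.
CLUSTER="${CLUSTER:-my-cluster}"
ZONE="${ZONE:-us-central1-a}"
POOL="${POOL:-confidential-pool}"
KEY="confidential-compute"
# Node pool command (printed, not executed, so this runs without gcloud). The
# taint keeps ordinary pods off confidential nodes; the label is what the
# sensitive pods select on.
create_pool_cmd() {
  echo "gcloud container node-pools create $POOL --cluster=$CLUSTER --zone=$ZONE" \
    "--machine-type=c3-standard-8 --enable-confidential-nodes" \
    "--node-labels=$KEY=true --node-taints=$KEY=true:NoSchedule"
}
# Pod spec with the nodeSelector AND the matching toleration: selector alone
# leaves the pod Pending, toleration alone lets it land on a non-confidential node.
render_pod() {  # $1 = pod name, $2 = image
  cat <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: $1
spec:
  nodeSelector:
    $KEY: "true"
  tolerations:
  - key: $KEY
    operator: Equal
    value: "true"
    effect: NoSchedule
  containers:
  - name: app
    image: $2
EOF
}
# CI check: accept a manifest on stdin only if it carries both the nodeSelector
# entry and the toleration for the confidential key.
pod_pinned() {
  m=$(cat)
  printf '%s\n' "$m" | grep -Eq "^[[:space:]]+$KEY:[[:space:]]*\"true\"" &&
    printf '%s\n' "$m" | grep -Eq "^[[:space:]]*-[[:space:]]*key:[[:space:]]*$KEY\$"
}
# Check the default YAML output of `gcloud compute instances describe NODE` (stdin).
node_confidential() {
  grep -Eq '^[[:space:]]*enableConfidentialCompute:[[:space:]]*true'
}
```

Run `render_pod NAME IMAGE | kubectl apply -f -` for a real deployment, and `gcloud compute instances describe NODE_NAME --zone=ZONE | node_confidential` against a live node.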
--enable-confidential-nodes and a compatible machine type. The lowest-friction entry point to confidential computing at enterprise Kubernetes scale.
Our DevOps and software development teams design and deploy Confidential GKE architectures for regulated enterprise workloads. Book a free advisory session to scope your confidential Kubernetes deployment.