You can create a node pool that supports confidential computing for a cluster of Container Service for Kubernetes (ACK). This creates trusted execution environments (TEEs) to store code and sensitive data in your clusters. This way, you can protect your code and data from being sniffed and compromised. This topic describes how to create a node pool that supports confidential computing.
- A managed Kubernetes cluster is created. For more information, see Create a cluster of ACK Managed Edition. The created cluster must meet the following requirements:
- The network plug-in is Flannel.
- The container runtime is Docker.
- The cluster is deployed in a region where Elastic Compute Service (ECS) Bare Metal instances of the ecs.ebmhfg5.2xlarge type are available for purchase.
- Log on to the ACK console.
- In the left-side navigation pane, click Clusters. On the Clusters page, find the cluster in which you want to create a node pool and click Node Pools in the Actions column.
- On the Node Pools page, click Create Node Pool.
- In the Create Node Pool dialog box, configure the node pool.For more information, see Create a cluster of ACK Managed Edition. The following table lists the required parameters for a confidential computing node pool.
Parameter Description Confidential Computing Select Enable to enable confidential computing. Container Runtime You must select Docker. Auto Scaling Specify whether to enable Auto Scaling (ESS). If you enable ESS, the node pool automatically scales based on the resource consumption. Instance Type Select ECS Bare Metal Instance and select ecs.ebmhfg5.2xlarge as the instance type.Note You can select multiple instance types. Only the ecs.ebmhfg5.2xlarge instance type supports confidential computing. If the stock of ecs.ebmhfg5.2xlarge instances is insufficient, you can select another instance type. However, the node pool does not support confidential computing in this case. Quantity Specify the initial number of nodes in the node pool. If you do not need to create nodes in the node pool, set this parameter to 0. Operating System You can select only the Aliyun Linux operating system. Node Label You can attach labels to nodes in the node pool. ECS Label You can attach labels to the selected ECS instances.
- Click OK.On the Node Pools page, if the status of the node pool is Initializing, it indicates that the node pool creation is in progress.
On the Clusters page, find the cluster and click View Logs in the Actions column. On the Log Information page, you can view the logs of the newly created node pool that supports confidential computing.After the node pool is created, the node pool changes to the Activestate.