You can create a Dataproc cluster that uses Compute Engine Confidential VMs to provide inline memory encryption. Confidential VMs use the N2D machine type (with AMD Secure Encrypted Virtualization (SEV)).
Create a cluster with Confidential VMs
gcloud command
To create a Dataproc cluster that uses Confidential VMs, use the gcloud dataproc clusters create command with the --confidential-compute flag.
Requirements:
The master and worker instances must use the N2D machine type (with AMD Secure Encrypted Virtualization (SEV)).
The cluster must be created in a region and Compute Engine zone that supports the AMD EPYC Rome CPU (N2D machine type) used by Confidential VMs (see the CPUs column in Available regions and zones).
You can run the following command to list the CPUs supported in a Compute Engine zone:
gcloud compute zones describe ZONE_NAME --format="value(availableCpuPlatforms)"
gcloud dataproc clusters create cluster-name \
--confidential-compute \
--image-version=Ubuntu image version \
--region=region with zone that supports the AMD EPYC Rome CPU \
--zone=zone within the region that supports the AMD EPYC Rome CPU \
--master-machine-type=N2D machine type \
--worker-machine-type=N2D machine type \
other args ...
REST API
To create a Dataproc cluster that uses Confidential VMs, include the ConfidentialInstanceConfig as part of a clusters.create request. Set enableConfidentialCompute to true.
Requirements:
masterConfig.machineTypeUri, workerConfig.machineTypeUri, and, if applicable, secondaryWorkerConfig.machineTypeUri: Master and worker instances must use the N2D machine type (with AMD Secure Encrypted Virtualization (SEV)).
gceClusterConfig.zoneUri: The cluster must be created in a Compute Engine zone that supports the N2D AMD EPYC Rome CPU used by Confidential VMs (see the CPUs column in Available regions and zones).
You can run the following command to list the CPUs supported in a Compute Engine zone:
gcloud beta compute zones describe ZONE_NAME --format="value(availableCpuPlatforms)"
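A pre-flight check for the REST requirements above, as an added example that is not part of the original page or of Google's code: it inspects a clusters.create request body and the zone's availableCpuPlatforms output before the request is sent. The platform string "AMD Rome", the ";" list separator and all sample values are assumptions constructed for illustration; the image version is not checked.

```python
import re

ROME = "AMD Rome"  # assumption: name reported in availableCpuPlatforms

def parse_cpu_platforms(value_output):
    """Split gcloud's value(availableCpuPlatforms) output into platform names."""
    return {p.strip() for p in re.split(r"[;,\n]", value_output) if p.strip()}

def is_n2d(machine_type_uri):
    """Accept a short name or a full URI; only the last path segment matters."""
    return machine_type_uri.rstrip("/").rsplit("/", 1)[-1].lower().startswith("n2d-")

def check_confidential_request(cluster, zone_cpu_platforms):
    """Return findings; an empty list means the request meets the requirements."""
    findings = []
    config = cluster.get("config", {})
    cic = config.get("gceClusterConfig", {}).get("confidentialInstanceConfig", {})
    # Must be the JSON boolean true; the string "true" does not count.
    if cic.get("enableConfidentialCompute") is not True:
        findings.append("enableConfidentialCompute is not true")
    for group in ("masterConfig", "workerConfig", "secondaryWorkerConfig"):
        uri = config.get(group, {}).get("machineTypeUri")
        if uri is None and group == "secondaryWorkerConfig":
            continue  # secondary workers are checked only "if applicable"
        if uri is None or not is_n2d(uri):
            findings.append(f"{group}.machineTypeUri is not N2D: {uri!r}")
    if ROME not in parse_cpu_platforms(zone_cpu_platforms):
        findings.append("zone does not list the AMD EPYC Rome CPU platform")
    return findings

# Constructed sample data: project, zone and cluster names are placeholders.
GOOD = {"clusterName": "example-cluster", "config": {
    "gceClusterConfig": {
        "zoneUri": "example-zone-a",
        "confidentialInstanceConfig": {"enableConfidentialCompute": True}},
    "masterConfig": {"machineTypeUri": "n2d-standard-4"},
    "workerConfig": {"machineTypeUri": "https://www.googleapis.com/compute/v1/"
        "projects/example-project/zones/example-zone-a/machineTypes/n2d-standard-4"}}}
BAD = {"clusterName": "example-cluster", "config": {
    "gceClusterConfig": {"zoneUri": "example-zone-b"},
    "masterConfig": {"machineTypeUri": "n1-standard-4"},
    "workerConfig": {"machineTypeUri": "n2d-standard-4"}}}
ZONE_WITH_ROME = "Intel Skylake;AMD Rome;Intel Cascade Lake"
ZONE_WITHOUT_ROME = "Intel Skylake;Intel Broadwell"

if __name__ == "__main__":
    print(check_confidential_request(GOOD, ZONE_WITH_ROME))
    print(check_confidential_request(BAD, ZONE_WITHOUT_ROME))
```

Run it in CI or a deployment wrapper so that a request missing the flag or using a non-N2D machine type is flagged before the cluster is created.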
Last updated: 2025-08-22 (UTC).