You can create a Dataproc cluster that uses Compute Engine Confidential VMs to provide inline memory encryption. Confidential VMs use the N2D machine type (with AMD Secure Encrypted Virtualization (SEV)).
Create a cluster with confidential VMs
gcloud command
To create a Dataproc cluster that uses confidential VMs, use the gcloud dataproc clusters create command with the --confidential-compute flag.
Requirements:
The master and worker instances must use the N2D machine type (with AMD Secure Encrypted Virtualization (SEV)).
The cluster must be created in a region and Compute Engine zone that supports the AMD EPYC Rome CPU (N2D machine type) used by confidential VMs (see the CPUs column in Available regions and zones).
You can run the following command to list the CPUs supported in a Compute Engine zone:
gcloud compute zones describe ZONE_NAME --format="value(availableCpuPlatforms)"
gcloud dataproc clusters create cluster-name \
--confidential-compute \
--image-version=Ubuntu image version \
--region=region with zone that supports the AMD EPYC Rome CPU \
--zone=zone within the region that supports the AMD EPYC Rome CPU \
--master-machine-type=N2D machine type \
--worker-machine-type=N2D machine type \
other args ...
REST API
To create a Dataproc cluster that uses confidential VMs, include ConfidentialInstanceConfig as part of a clusters.create request. Set enableConfidentialCompute to true.
Requirements:
masterConfig.machineTypeUri, workerConfig.machineTypeUri, and, if applicable, secondaryWorkerConfig.machineTypeUri: The master and worker instances must use the N2D machine type (with AMD Secure Encrypted Virtualization (SEV)).
gceClusterConfig.zoneUri: The cluster must be created in a Compute Engine zone that supports the AMD EPYC Rome CPU used by confidential VMs (see the CPUs column in Available regions and zones).
You can run the following command to list the CPUs supported in a Compute Engine zone:
gcloud beta compute zones describe ZONE_NAME --format="value(availableCpuPlatforms)"
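A pre-submission check for the REST requirements above, as an added example that is not part of the original page or of any Google tooling. It assumes ConfidentialInstanceConfig sits under config.gceClusterConfig as in the Dataproc v1 API, that the zone describe command prints a semicolon-separated list, and that the Rome platform appears there as "AMD Rome"; the request body, names and CPU list are constructed samples.

```python
# Constructed sample: output of the zone describe command shown on the page.
SAMPLE_ZONE_CPUS = "Intel Skylake;Intel Cascade Lake;AMD Rome;AMD Milan"

# Constructed clusters.create body; project, zone and cluster names are placeholders.
SAMPLE_REQUEST = {
    "clusterName": "example-cluster",
    "config": {
        "gceClusterConfig": {
            "zoneUri": "projects/example-project/zones/example-zone",
            "confidentialInstanceConfig": {"enableConfidentialCompute": True},
        },
        "masterConfig": {"machineTypeUri": "n2d-standard-4"},
        "workerConfig": {"machineTypeUri": "zones/example-zone/machineTypes/n2d-standard-4"},
        "secondaryWorkerConfig": {"machineTypeUri": "n1-standard-4"},
    },
}


def machine_family(machine_type_uri):
    """Family prefix of a machine type given as a short name or a full/partial URI."""
    return machine_type_uri.rstrip("/").rsplit("/", 1)[-1].split("-", 1)[0].lower()


def check_confidential_request(body, zone_cpus):
    """Return a list of findings; an empty list means the page's requirements are met."""
    findings = []
    config = body.get("config", {})
    gce = config.get("gceClusterConfig", {})
    flag = gce.get("confidentialInstanceConfig", {}).get("enableConfidentialCompute")
    if flag is not True:  # a missing field or the string "true" does not count
        findings.append("enableConfidentialCompute is not set to true")
    # Assumption: master and worker types must be explicit; secondary is "if applicable".
    for group, required in (("masterConfig", True), ("workerConfig", True),
                            ("secondaryWorkerConfig", False)):
        uri = config.get(group, {}).get("machineTypeUri")
        if uri is None:
            if required:
                findings.append(f"{group}.machineTypeUri is not set")
            continue
        if machine_family(uri) != "n2d":
            findings.append(f"{group}.machineTypeUri is not N2D: {uri!r}")
    platforms = [p.strip().lower() for p in zone_cpus.replace("\n", ";").split(";")]
    if not any("amd" in p and "rome" in p for p in platforms):
        findings.append("zone does not list an AMD Rome CPU platform")
    return findings


if __name__ == "__main__":
    for finding in check_confidential_request(SAMPLE_REQUEST, SAMPLE_ZONE_CPUS):
        print("FAIL:", finding)
```

The constructed sample deliberately carries an N1 secondary worker group, so the check reports one finding for it.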
Last updated 2025-08-22 UTC.