diff --git a/gpu-operator/confidential-containers-deploy.rst b/confidential-containers/confidential-containers-deploy.rst similarity index 99% rename from gpu-operator/confidential-containers-deploy.rst rename to confidential-containers/confidential-containers-deploy.rst index 0a6cd204c..85998fbd3 100644 --- a/gpu-operator/confidential-containers-deploy.rst +++ b/confidential-containers/confidential-containers-deploy.rst @@ -5,7 +5,7 @@ Deploy Confidential Containers with NVIDIA GPU Operator ******************************************************* This page describes how to deploy Confidential Containers using the NVIDIA GPU Operator. -For an overview of Confidential Containers, refer to :ref:`early-access-gpu-operator-confidential-containers-kata`. +For an overview of Confidential Containers, refer to :ref:`overview`. .. note:: diff --git a/confidential-containers/confidential-containers.rst b/confidential-containers/confidential-containers.rst new file mode 100644 index 000000000..d0a4e4e53 --- /dev/null +++ b/confidential-containers/confidential-containers.rst 
@@ -0,0 +1,67 @@ +.. _early-access-gpu-operator-confidential-containers-kata: + +.. license-header + SPDX-FileCopyrightText: Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. + SPDX-License-Identifier: Apache-2.0 + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + +.. headings # #, * *, =, -, ^, " + +.. _confidential-containers-platform-support: + +################ +Platform Support +################ + +Refer to the *Confidential Computing Deployment Guide* at the https://docs.nvidia.com/confidential-computing website for information about supported NVIDIA GPUs, such as the NVIDIA Hopper H100, and specifically to https://docs.nvidia.com/cc-deployment-guide-snp.pdf for setup specific to AMD SEV-SNP machines. + +The following topics in the deployment guide apply to a cloud-native environment: + +* Hardware selection and initial hardware configuration, such as BIOS settings. +* Host operating system selection, initial configuration, and validation. + +When following the cloud-native sections in above linked deployment guide, use Ubuntu 25.10 as host OS with its default kernel version and configuration. + +The remaining configuration topics in the deployment guide do not apply to a cloud-native environment. NVIDIA GPU Operator performs the actions that are described in these topics. + +For scope of this EA, the following is the validated support matrix. Any other combination has not been evaluated: + +.. list-table:: + :widths: 50 50 + :header-rows: 1 + + * - Component + - Release + * - GPU Platform + - Hopper 100/200 + * - GPU Driver + - R580 TRD 3 + * - kata-containers/kata-containers + - 3.24.0 + * - NVIDIA/gpu-operator + - v25.10.0 and higher + +.. 
_limitations-and-restrictions: + +Limitations and Restrictions +============================= + +* Only the AMD platform using SEV-SNP is supported for Confidential Containers Early Access. +* GPUs are available to containers as a single GPU in passthrough mode only. Multi-GPU passthrough and vGPU are not supported. +* Support is limited to initial installation and configuration only. Upgrade and configuration of existing clusters to configure confidential computing is not supported. +* Support for confidential computing environments is limited to the implementation described on this page. +* NVIDIA supports the GPU Operator and confidential computing with the containerd runtime only. +* OpenShift is not supported in the Early Access release. +* NFD doesn't label all Confidential Container capable nodes as such automatically. In some cases, users must manually label nodes to deploy the NVIDIA Confidential Computing Manager for Kubernetes operand onto these nodes as described below. + +Deployment and Configuration +============================= + +For detailed instructions on deploying and configuring confidential containers with the NVIDIA GPU Operator, refer to the following guide: \ No newline at end of file diff --git a/gpu-operator/graphics/CoCo-Architecture.png b/confidential-containers/graphics/CoCo-Architecture.png similarity index 100% rename from gpu-operator/graphics/CoCo-Architecture.png rename to confidential-containers/graphics/CoCo-Architecture.png diff --git a/confidential-containers/index.rst b/confidential-containers/index.rst new file mode 100644 index 000000000..644d3f1d4 --- /dev/null +++ b/confidential-containers/index.rst 
@@ -0,0 +1,29 @@ +.. license-header + SPDX-FileCopyrightText: Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. + SPDX-License-Identifier: Apache-2.0 + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +.. headings # #, * *, =, -, ^, " + +.. toctree:: + :caption: NVIDIA Confidential Computing + :titlesonly: + :hidden: + + Overview + Platform Support + Deploy Confidential Containers with NVIDIA GPU Operator + + +.. include:: overview.rst \ No newline at end of file diff --git a/gpu-operator/confidential-containers.rst b/confidential-containers/overview.rst similarity index 63% rename from gpu-operator/confidential-containers.rst rename to confidential-containers/overview.rst index 760bf64f7..611d5e975 100644 --- a/gpu-operator/confidential-containers.rst +++ b/confidential-containers/overview.rst 
@@ -1,26 +1,25 @@ -.. _early-access-gpu-operator-confidential-containers-kata: +.. license-header + SPDX-FileCopyrightText: Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. + SPDX-License-Identifier: Apache-2.0 -**************************************************************************** -Early Access: NVIDIA GPU Operator with Confidential Containers based on Kata -**************************************************************************** + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at -.. note:: + http://www.apache.org/licenses/LICENSE-2.0 - **Early Access Support** + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. - Early Access (EA) features are not supported in production environments and are not functionally complete. EA features provide a preview of upcoming product features, enabling customers to test functionality and provide feedback during the development process. These releases may not have complete documentation, and testing is limited. Additionally, API and architectural designs are not final and may change in the future. +.. headings # #, * *, =, -, ^, " -.. note:: +Overview of NVIDIA Confidential Containers +========================================== - This EA release only supports the AMD platform using SEV-SNP. - Intel TDX support is planned for a future release. - -.. _confidential-containers-nvidia-gpu-early-access: - - - -Overview -======== +.. 
_confidential-containers-overview: NVIDIA GPUs power the training and deployment of Frontier Models—world-class Large Language Models (LLMs) that define the state of the art in AI reasoning and capability. As organizations adopt these models in regulated industries such as financial services, healthcare, and the public sector, protecting model intellectual property and sensitive user data becomes essential. @@ -56,7 +55,6 @@ The following high-level flow and diagram show some fundamental concepts for CoC * Kata agent starts containers in the Kata CVM. * The confidential containers attestation agent exercises remote attestation based on the Remote ATtestation ProcedureS (RATS) model in concert with the Confidential Containers' Trustee solution. As part of this, the attestation agent transitions the GPU into the Ready state. Refer to the attestation section for more details. -.. _key-software-components-gpu-operator: Key Software Components of the NVIDIA GPU Operator =================================================== 
@@ -109,60 +107,4 @@ You can configure all the worker nodes in your cluster for running GPU workloads * NVIDIA VFIO Manager * Node Feature Discovery -This configuration can be controlled through node labelling as described in :ref:`confidential-containers-deploy`. - -.. _supported-platforms: - -Supported Platforms -=================== - -Refer to the *Confidential Computing Deployment Guide* at the https://docs.nvidia.com/confidential-computing website for information about supported NVIDIA GPUs, such as the NVIDIA Hopper H100, and specifically to https://docs.nvidia.com/cc-deployment-guide-snp.pdf for setup specific to AMD SEV-SNP machines. - -The following topics in the deployment guide apply to a cloud-native environment: - -* Hardware selection and initial hardware configuration, such as BIOS settings. -* Host operating system selection, initial configuration, and validation. - -When following the cloud-native sections in above linked deployment guide, use Ubuntu 25.10 as host OS with its default kernel version and configuration. - -The remaining configuration topics in the deployment guide do not apply to a cloud-native environment. NVIDIA GPU Operator performs the actions that are described in these topics. - -For scope of this EA, the following is the validated support matrix. Any other combination has not been evaluated: - -.. list-table:: - :widths: 50 50 - :header-rows: 1 - - * - Component - - Release - * - GPU Platform - - Hopper 100/200 - * - GPU Driver - - R580 TRD 3 - * - kata-containers/kata-containers - - 3.24.0 - * - NVIDIA/gpu-operator - - v25.10.0 and higher - -.. _limitations-and-restrictions: - -Limitations and Restrictions -============================= - -* Only the AMD platform using SEV-SNP is supported for Confidential Containers Early Access. -* GPUs are available to containers as a single GPU in passthrough mode only. Multi-GPU passthrough and vGPU are not supported. -* Support is limited to initial installation and configuration only. 
Upgrade and configuration of existing clusters to configure confidential computing is not supported. -* Support for confidential computing environments is limited to the implementation described on this page. -* NVIDIA supports the GPU Operator and confidential computing with the containerd runtime only. -* OpenShift is not supported in the Early Access release. -* NFD doesn't label all Confidential Container capable nodes as such automatically. In some cases, users must manually label nodes to deploy the NVIDIA Confidential Computing Manager for Kubernetes operand onto these nodes as described below. - -Deployment and Configuration -============================= - -For detailed instructions on deploying and configuring confidential containers with the NVIDIA GPU Operator, refer to the following guide: - -.. toctree:: - :maxdepth: 2 - - confidential-containers-deploy +This configuration can be controlled through node labelling as described in :ref:`Deploy Confidential Containers with NVIDIA GPU Operator `. \ No newline at end of file diff --git a/confidential-containers/versions1.json b/confidential-containers/versions1.json new file mode 100644 index 000000000..4d9c5bd4a --- /dev/null +++ b/confidential-containers/versions1.json @@ -0,0 +1,7 @@ +[ + { + "preferred": "true", + "url": "../1.0.0", + "version": "1.0.0" + } + ] \ No newline at end of file diff --git a/gpu-operator/index.rst b/gpu-operator/index.rst index afa96c50b..99d705914 100644 --- a/gpu-operator/index.rst +++ b/gpu-operator/index.rst @@ -56,7 +56,7 @@ :hidden: KubeVirt - Confidential Containers + Confidential Containers .. toctree:: :caption: Specialized Networks diff --git a/repo.toml b/repo.toml index 0510a4fd1..9e2dcea3a 100644 --- a/repo.toml +++ b/repo.toml @@ -82,6 +82,7 @@ project_build_order = [ "gpu-telemetry", "openshift", "gpu-operator", + "confidential-containers", "edge", "kubernetes", "partner-validated", 
@@ -201,6 +202,18 @@ build_by_default = false output_format = "linkcheck" +[repo_docs.projects.confidential-containers] +docs_root = "${root}/confidential-containers" +project = "confidential-containers" +name = "NVIDIA GPU Operator - Confidential Containers" +version = "25.10" +copyright_start = 2020 + +[repo_docs.projects.confidential-containers.builds.linkcheck] +build_by_default = false +output_format = "linkcheck" + + [repo_docs.projects.openshift] docs_root = "${root}/openshift" project = "gpu-operator-openshift" diff --git a/review/index.rst b/review/index.rst index 6b5c3afa5..a23a6098b 100644 --- a/review/index.rst +++ b/review/index.rst @@ -28,3 +28,4 @@ Refer to the following URLs for the review HTML: * `NVIDIA GPU Operator on Red Hat OpenShift Container Platform <./openshift/latest/index.html>`__ * `NVIDIA GPUs and Edge Computing <./edge/latest/index.html>`__ * `Partner-Validated Configurations <./partner-validated/latest/index.html>`__ +* `NVIDIA Confidential Containers <./confidential-containers/latest/index.html>`__
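
Review bot: In confidential-containers/confidential-containers-deploy.rst, the new target :ref:`overview` does not match any label this patch defines. The only overview label added is confidential-containers-overview in overview.rst, and the old early-access-gpu-operator-confidential-containers-kata label now sits at the top of the Platform Support file. Point the reference at confidential-containers-overview, or use :doc:`overview`, so the link resolves to the overview page.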
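
Review bot: The new confidential-containers/confidential-containers.rst ends its "Deployment and Configuration" section with "refer to the following guide:" and nothing after it, because the toctree that followed this sentence in the old file was not carried over. Add a link to the deploy page there, or drop the section. Three smaller points in the same file: the first line keeps the label early-access-gpu-operator-confidential-containers-kata, which now labels Platform Support rather than the overview and should be renamed or removed; the license header stops at "agreed to in writing, software" and is missing the remaining lines that index.rst has; and the last limitation says nodes are labelled "as described below", but the labelling steps are not on this page.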
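
Review bot: In confidential-containers/index.rst, the closing ".. include:: overview.rst" pulls the overview body into the index while overview.rst is also a source document in the same directory, so the confidential-containers-overview label ends up defined in two documents and Sphinx will typically warn about a duplicate label. Either drop the include and let the toctree entry carry the overview, or exclude overview.rst from the standalone build. The toctree caption also reads "NVIDIA Confidential Computing" while repo.toml and review/index.rst say "Confidential Containers"; use one name.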
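
Review bot: The first overview.rst hunk (@@ -1,26 +1,25 @@) deletes both Early Access notes, the one stating that EA features are not supported in production environments and the one stating that only AMD SEV-SNP is supported with Intel TDX planned, yet the relocated Platform Support text still says "For scope of this EA" and "Early Access release". A reader who lands on the overview no longer sees the support status of what they are deploying. Keep the EA note on the overview or move it to the new index. In the same hunk, ".. _confidential-containers-overview:" is placed after the section title and its underline; move it above "Overview of NVIDIA Confidential Containers" so a :ref: to it picks up the title.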
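
Review bot: The later overview.rst hunks (@@ -56,7 +55,6 @@ and @@ -109,60 +107,4 @@) remove the labels key-software-components-gpu-operator and supported-platforms, and the first hunk removes confidential-containers-nvidia-gpu-early-access, without adding them anywhere else; the moved Platform Support section uses confidential-containers-platform-support instead. Search the other doc projects for references to the removed labels before merging, since a leftover :ref: will break the build or the linkcheck. The file also now ends without a trailing newline.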
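
Review bot: The version metadata for the new project disagrees between files: confidential-containers/versions1.json lists "version": "1.0.0" with "url": "../1.0.0", while the repo.toml block added for the same project sets version = "25.10". Decide which scheme the published path uses and make both files agree, otherwise the version switcher will point at a directory the build does not produce. In the same repo.toml block, copyright_start = 2020 does not match the 2023 SPDX header on the new files, and name = "NVIDIA GPU Operator - Confidential Containers" differs from the "NVIDIA Confidential Containers" title added to review/index.rst.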