
General availability: AMD-based confidential VMs for Azure Kubernetes Service

Published date: October 12, 2022

Azure Kubernetes Service (AKS) provides the capability for organizations to deploy containers at scale. We are expanding the Azure confidential computing portfolio to enable AMD-based confidential VM node pools in AKS, adding defense-in-depth to Azure's already hardened security profile.    

With the general availability of confidential virtual machines featuring AMD 3rd Gen EPYC™ processors with Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) security features, organizations get VMs with isolated, encrypted memory and genuine confidentiality attestation rooted in the hardware.

AKS now supports confidential and non-confidential node pools on a single cluster. This means that applications processing sensitive data can reside in a VM-level Trusted Execution Environment (TEE) node pool with memory encryption keys generated from the chipset itself.

Confidential node pools on AKS enable a seamless transition of Linux container workloads to Azure without the overhead of changing code.  

Read the blog and the documentation to learn more. 
