Use Confidential Virtual Machines (CVM) in Azure Kubernetes Service (AKS) cluster

Confidential Virtual Machines (CVM) offer strong security and confidentiality for tenants. CVMs offer VM based Hardware Trusted Execution Environment (TEE) that leverage SEV-SNP security features to deny the hypervisor and other host management code access to VM memory and state, providing defense in depth protections against operator access. These features enable node pools with CVM to target the migration of highly sensitive container workloads to AKS without any code refactoring while benefiting from the features of AKS. For example, you may require CVM if you have the following:

• Workloads that handle security critical data and/or sensitive customer data
• Services that are required to meet various compliance requirements, especially for government contracts. Without a scalable solution for securing data, this could potentially lead to the loss of accreditations and contracts.

In this article, you learn how to create AKS node pools using Confidential VM sizes.

AKS supported confidential VM sizes

Azure offers a choice of Trusted Execution Environment (TEE) options from both AMD and Intel. These TEEs allow you to create Confidential VM environments with excellent price-to-performance ratios, all without requiring any code changes.

• AMD-based Confidential VMs, use AMD SEV-SNP technology, which is introduced with third Gen AMD EPYC™ processors.
• Intel-based Confidential VMs use Intel TDX, with fourth Gen Intel® Xeon® processors.

Both technologies have different implementations. However both provide similar protections from the cloud infrastructure stack. For more information, see CVM VM sizes.

Security Features

CVMs offer the following security enhancements as compared to other virtual machine (VM) sizes:

• Robust hardware-based isolation between virtual machines, hypervisor, and host management code.
• Customizable attestation policies to ensure the host's compliance before deployment.
• Cloud-based Confidential OS disk encryption before the first boot.
• VM encryption keys that the platform or the customer (optionally) owns and manages.
• Secure key release with cryptographic binding between the platform's successful attestation and the VM's encryption keys.
• Dedicated virtual Trusted Platform Module (TPM) instance for attestation and protection of keys and secrets in the virtual machine.
• Secure boot capability similar to Trusted launch for Azure VMs

How does it work?

If you're running a workload that requires enhanced confidentiality and integrity, you can benefit from memory encryption and enhanced security without code changes in your application. All pods on your CVM node are part of the same trust boundary. The nodes in a node pool created with CVM use a customized [node image][./node-images] specially configured for CVM.

Supported OS Versions

You can create CVM node pools on Linux OS types (Ubuntu and Azure Linux). However, not all OS versions support CVM node pools.

This table includes the supported OS versions:

When using Ubuntu or AzureLinux as the osSKU, if the default OS version doesn't support CVM, AKS defaults to the most recent CVM-supported version of the OS. For example, Ubuntu 22.04 is default for Linux node pools. Since 22.04 doesn't currently support CVM, AKS defaults to Ubuntu 20.04 for Linux CVM-enabled node pools.

Limitations

The following limitations apply when adding a node pool with CVM to AKS:

• You can't use FIPS, ARM64, Trusted Launch, or Pod Sandboxing.
• You can't update an existing node pool to migrate to a CVM size. To migrate, you'll need to resize your node pool.
• You can't use CVM with Windows node pools.
• CVM with Azure Linux is currently in preview.

Prerequisites

Before you begin, make sure you have the following:

• An existing AKS cluster.
• CVM sizes must be available for your subscription in the region where the cluster is created. You must have sufficient quota to create a node pool with a CVM size.
• If you're using Azure Linux os, you need to install the aks-preview extension, update the aks-preview extension, and register the preview feature flag. If you're using Ubuntu, you can skip these steps.

Install aks-preview extension

1. Install the aks-preview Azure CLI extension using the az extension add command.

   Important

   AKS preview features are available on a self-service, opt-in basis. Previews are provided "as is" and "as available," and they're excluded from the service-level agreements and limited warranty. AKS previews are partially covered by customer support on a best-effort basis. As such, these features aren't meant for production use. For more information, see the following support articles:

   • AKS support policies
   • Azure support FAQ

   az extension add --name aks-preview
   

2. Update to the latest version of the extension using the az extension update command.

   az extension update --name aks-preview
   

Register AzureLinuxCVMPreview feature flag

1. Register the AzureLinuxCVMPreview feature flag using the [az feature register][az-feature-register] command.

   az feature register --namespace "Microsoft.ContainerService" --name "AzureLinuxCVMPreview"
   

2. Verify the registration status using the [az feature show][az-feature-show] command. It takes a few minutes for the status to show Registered.

   az feature show --namespace Microsoft.ContainerService --name AzureLinuxCVMPreview
   

3. When the status reflects Registered, refresh the registration of the Microsoft.ContainerService resource provider using the [az provider register][az-provider-register] command.

   az provider register --namespace Microsoft.ContainerService
   

Add a node pool with a CVM to your AKS cluster

• Add a node pool with a CVM to your AKS cluster using the az aks nodepool add command and set the node-vm-size to a supported VM size.

  az aks nodepool add \
      --resource-group myResourceGroup \
      --cluster-name myAKSCluster \
      --name cvmnodepool \
      --node-count 3 \
      --node-vm-size Standard_DC4as_v5 
  

If you don't specify the osSKU or osType, AKS defaults to --os-type Linux and --os-sku Ubuntu.

Verify the node pool uses CVM

1. Verify a node pool uses CVM using the az aks nodepool show command and verify the vmSize is Standard_DCa4_v5.

   az aks nodepool show \
       --resource-group myResourceGroup \
       --cluster-name myAKSCluster \
       --name cvmnodepool \
       --query 'vmSize'
   

   The following example command and output shows the node pool uses CVM:

   az aks nodepool show \
       --resource-group myResourceGroup \
       --cluster-name myAKSCluster \
       --name cvmnodepool \
       --query 'vmSize'
   
   "Standard_DC4as_v5"
   

2. Verify a node pool uses a CVM image using the az aks nodepool list command.

   az aks nodepool list \
       --resource-group myResourceGroup \
       --cluster-name myAKSCluster \
       --name cvmnodepool \
       --query 'nodeImageVersion'
   

   The following example command and output shows the node pool uses an Ubuntu 20.04 CVM image:

   az aks nodepool show \
       --resource-group myResourceGroup \
       --cluster-name myAKSCluster \
       --name cvmnodepool \
       --query 'nodeImageVersion'
   
   "AKSUbuntu-2004cvmcontainerd-202507.02.0"
   

Remove a node pool with CVM from an AKS cluster

• Remove a node pool with CVM from an AKS cluster using the az aks nodepool delete command.

  az aks nodepool delete \
      --resource-group myResourceGroup \
      --cluster-name myAKSCluster \
      --name cvmnodepool
  

Next steps

In this article, you learned how to add a node pool with CVM to an AKS cluster.

• For more information about CVM, see Confidential VM node pools support on AKS.
• To migrate an existing node pool to a CVM vm size, you can resize your node pool.
• If you're only interested in enabling Trusted Launch on your node pools, see Trusted Launch on AKS.