From 20924a34f184b5590b8e0e35b0cd8ae740e70967 Mon Sep 17 00:00:00 2001
From: Arthur de Lapertosa Lisboa
Date: Thu, 22 Aug 2024 17:03:45 -0300
Subject: [PATCH] Add Confidential Computing examples to google_compute_instance and google_compute_instance_template resources (#11518)
---
 .../docs/r/compute_instance.html.markdown | 51 +++++++++++++++++++
 .../r/compute_instance_template.html.markdown | 41 +++++++++++++++
 2 files changed, 92 insertions(+)
diff --git a/mmv1/third_party/terraform/website/docs/r/compute_instance.html.markdown b/mmv1/third_party/terraform/website/docs/r/compute_instance.html.markdown
index fa523ea69250..c1f3cd63e7db 100644
--- a/mmv1/third_party/terraform/website/docs/r/compute_instance.html.markdown
+++ b/mmv1/third_party/terraform/website/docs/r/compute_instance.html.markdown
@@ -62,6 +62,57 @@ resource "google_compute_instance" "default" {
 }
 ```
+## Example usage - Confidential Computing
+
+Example with [Confidential Mode](https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview) activated.
+
+```tf
+resource "google_service_account" "default" {
+ account_id = "my-custom-sa"
+ display_name = "Custom SA for VM Instance"
+}
+
+resource "google_compute_instance" "confidential_instance" {
+ name = "my-confidential-instance"
+ zone = "us-central1-a"
+ machine_type = "n2d-standard-2"
+ min_cpu_platform = "AMD Milan"
+
+ confidential_instance_config {
+ enable_confidential_compute = true
+ confidential_instance_type = "SEV"
+ }
+
+ boot_disk {
+ initialize_params {
+ image = "ubuntu-os-cloud/ubuntu-2004-lts"
+ labels = {
+ my_label = "value"
+ }
+ }
+ }
+
+ // Local SSD disk
+ scratch_disk {
+ interface = "NVME"
+ }
+
+ network_interface {
+ network = "default"
+
+ access_config {
+ // Ephemeral public IP
+ }
+ }
+
+ service_account {
+ # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
+ email = google_service_account.default.email
+ scopes = ["cloud-platform"]
+ }
+}
+```
+
 ## Argument Reference
 The following arguments are supported:
diff --git a/mmv1/third_party/terraform/website/docs/r/compute_instance_template.html.markdown b/mmv1/third_party/terraform/website/docs/r/compute_instance_template.html.markdown
index cd97bf4405e8..5d66dca4c088 100644
--- a/mmv1/third_party/terraform/website/docs/r/compute_instance_template.html.markdown
+++ b/mmv1/third_party/terraform/website/docs/r/compute_instance_template.html.markdown
@@ -224,6 +224,47 @@ With this setup Terraform generates a unique name for your Instance Template and
 can then update the Instance Group manager without conflict before destroying the previous Instance Template.
+## Example usage - Confidential Computing
+
+Example with [Confidential Mode](https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview) activated.
+
+```tf
+resource "google_service_account" "default" {
+ account_id = "my-custom-sa"
+ display_name = "Custom SA for VM Instance"
+}
+
+resource "google_compute_instance_template" "confidential_instance_template" {
+ name = "my-confidential-instance-template"
+ region = "us-central1"
+ machine_type = "n2d-standard-2"
+ min_cpu_platform = "AMD Milan"
+
+ confidential_instance_config {
+ enable_confidential_compute = true
+ confidential_instance_type = "SEV"
+ }
+
+ disk {
+ source_image = "ubuntu-os-cloud/ubuntu-2004-lts"
+ }
+
+ network_interface {
+ network = "default"
+
+ access_config {
+ // Ephemeral public IP
+ }
+ }
+
+ service_account {
+ # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
+ email = google_service_account.default.email
+ scopes = ["cloud-platform"]
+ }
+}
+```
+
 ## Deploying the Latest Image
 A common way to use instance templates and managed instance groups is to deploy the