fitzthum
left a comment
A few comments on the attestation stuff.
Pull request overview
Updates the documentation set to reflect the Confidential Containers (CoCo) GA / Reference Architecture release, including new pages and updated navigation/redirects to surface the new content.
Changes:
- Updated GPU Operator docs navigation and redirects to point to new Confidential Containers deployment content.
- Added new Confidential Containers documentation pages (deploy guide, attestation, licensing, supported platforms).
- Refreshed the Confidential Containers overview content to remove Early Access framing and expand details.
Reviewed changes
Copilot reviewed 9 out of 10 changed files in this pull request and generated 13 comments.
| File | Description |
|---|---|
| repo.toml | Updates redirect rules related to Confidential Containers pages. |
| gpu-operator/index.rst | Adds a nav entry to the new GPU Operator Confidential Containers page. |
| gpu-operator/getting-started.rst | Minor formatting-only adjustment in a table row. |
| gpu-operator/confidential-containers-deploy.rst | New GPU Operator page linking out to the Confidential Containers RA docs. |
| confidential-containers/index.rst | Updates Confidential Containers landing page nav and cards for GA structure. |
| confidential-containers/overview.rst | Reworks overview content to GA/RA framing and expands sections. |
| confidential-containers/supported-platforms.rst | New supported platforms and component versions page. |
| confidential-containers/confidential-containers-deploy.rst | New end-to-end deployment guide for CoCo with GPU Operator + Kata. |
| confidential-containers/attestation.rst | New attestation configuration page (Trustee + NVIDIA verifier). |
| confidential-containers/licensing.rst | New licensing info page for NVIDIA Confidential Computing capability. |
Signed-off-by: Abigail McCarthy <20771501+a-mccarthy@users.noreply.github.com>
Signed-off-by: Abigail McCarthy <20771501+a-mccarthy@users.noreply.github.com>
| * Image signature verification for signed multi-arch images is currently not supported. | ||
| * For both single and multi GPU Passthrough, all GPUs on the host must be configured for Confidential Computing and all GPUs must be assigned to one Confidential Container virtual machine. | ||
| Configuring only some GPUs on a node for Confidential Computing is not supported. | ||
|
|
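Review bot: The limitation "Image signature verification for signed multi-arch images is currently not supported" does not say what happens when such an image is deployed. State whether a signed multi-arch image is rejected or is admitted without its signature being verified, because a reader who relies on a signature policy needs to know the failure mode, and name the workaround if one exists.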
| Security Considerations | |
| Application Security Defects: Confidential Computing does not protect against threats within the confidential VM including vulnerabilities in the Application itself. Applications must still follow security best practices such as input validation. | |
| Control Plane: CoCo provides a number of protections to limit the influence of the K8s Control Plane. Applications may expose themselves to attack if they rely upon control plane managed configuration. | |
| Environment Variables and ConfigMaps: Unless provisioned as sealed secrets using Trustee, orchestrator-provided environment variables and ConfigMaps remain untrusted and susceptible to manipulation. | |
| Storage and Volume Mounts: Manipulating volume mounts can expose the workload to malicious untrusted host storage or deny access to required persistent data. | |
| Physical Attacks: Confidential Computing considers most physical attacks out of scope. Your kubernetes hosts should be in physically secure datacenters. | |
| Availability: Confidential Computing does not provide availability guarantees. Availability is achieved through replication which is a common aspect of k8s deployments. | |
| * NFD doesn't label all Confidential Container capable nodes as such automatically. In some cases, users must manually label nodes to deploy the NVIDIA Confidential Computing Manager for Kubernetes operand onto these nodes as described in the deployment guide. | ||
| * Image signature verification for signed multi-arch images is currently not supported. | ||
| * For both single and multi GPU Passthrough, all GPUs on the host must be configured for Confidential Computing and all GPUs must be assigned to one Confidential Container virtual machine. | ||
| Configuring only some GPUs on a node for Confidential Computing is not supported. |
| Configuring only some GPUs on a node for Confidential Computing is not supported. | |
| Configuring only some GPUs on a node for Confidential Computing is not supported. | |
| CoCo provides its own virtualization based on Kata Containers. CoCo cannot run within an existing virtualized environment, i.e., nested virtualization is not supported. CoCo must be installed on the host not within a guest VM. |
chenopis
left a comment
Documentation Review — 13 findings (1 critical)
Critical issues must be resolved before merge.
Review generated with AI assistance.
| .. note:: | ||
|
|
||
| The following topics in the deployment guide apply to a cloud-native environment: | ||
| For both single and multi GPU Passthrough, all GPUs on the host must be configured for Confidential Computing and all GPUs must be assigned to one Confidential Container virtual machine. |
Low — Duplicate content: This same limitation note ("all GPUs on the host must be configured...") also appears verbatim in the Limitations section at line 213 below. Consider removing one instance to avoid duplication within the same page. (The note also appears in supported-platforms.rst, which is fine for cross-page emphasis.)
Signed-off-by: Abigail McCarthy <20771501+a-mccarthy@users.noreply.github.com>
Signed-off-by: Abigail McCarthy <20771501+a-mccarthy@users.noreply.github.com>
| You must assign all the GPUs and NVSwitches on the node in your manifest to the same Confidential Container virtual machine. | ||
|
|
||
| On the NVIDIA Hopper architecture multi-GPU passthrough uses protected PCIe (PPCIE) which claims exclusive use of the NVSwitches for a single Confidential Container virtual machine (CVM). | ||
| When using NVIDIA Hopper nodes for multi-GPU passthrough, transition your relevant node's GPU Confidential Computing mode to ``ppcie`` mode by adding the ``nvidia.com/cc.mode=ppcie`` label. |
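Review bot: The abbreviation "(CVM)" is introduced in the protected PCIe sentence, although the sentence before it in this passage already spells out "Confidential Container virtual machine". Define the abbreviation at the first of the two uses and use "CVM" in the second, so the passage reads consistently.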
nit
| When using NVIDIA Hopper nodes for multi-GPU passthrough, transition your relevant node's GPU Confidential Computing mode to ``ppcie`` mode by adding the ``nvidia.com/cc.mode=ppcie`` label. | |
| When using NVIDIA Hopper nodes for multi-GPU passthrough, transition your relevant node's GPU Confidential Computing mode to ``ppcie`` mode by applying the ``nvidia.com/cc.mode=ppcie`` label. |
| - Disable Confidential Containers. | ||
| - cluster-wide default, node-level override | ||
| * - ``ppcie`` | ||
| - Enable Confidential Containers with multi-GPU passthrough on HGX GPUs. |
HGX is a platform type which can have Hopper or Blackwell.
| - Enable Confidential Containers with multi-GPU passthrough on HGX GPUs. | |
| - Enable Confidential Containers with multi-GPU passthrough for Hopper GPUs. |
| - Enable Confidential Containers. | ||
| - cluster-wide default, node-level override | ||
| * - ``off`` | ||
| - Disable Confidential Containers. | ||
| - cluster-wide default, node-level override | ||
| * - ``ppcie`` | ||
| - Enable Confidential Containers with multi-GPU passthrough on HGX GPUs. |
/Containers/Computing
The CC mode is the Confidential Computing mode of the GPU.
Signed-off-by: Abigail McCarthy <20771501+a-mccarthy@users.noreply.github.com>
No description provided.