diff --git a/google/canonical-offerings.rst b/google/canonical-offerings.rst new file mode 100644 index 00000000..18e7f139 --- /dev/null +++ b/google/canonical-offerings.rst 
@@ -0,0 +1,49 @@ +Canonical's Offerings on GCP +============================ + +With an optimised Ubuntu GCP kernel built in collaboration between Google and Canonical to deliver the very +best performance on the Google Cloud hypervisor, Ubuntu is a popular Linux OS on GCP for both virtual machines +and container workloads - i.e. for both Google Cloud Engine (GCE) and Google Kubernetes Engine (GKE). + +The ``linux-gcp`` kernel enables accelerated networking with the Compute Engine Virtual Ethernet device and supports the Google latest Tau VM, enabling scale-out optimised workloads. These advantages contribute to Ubuntu being the default host images for Anthos Multi-cloud. + +Another useful feature is the native integration of Ubuntu images with the Administrator console. This enables things like patch management and in-place upgrade of Ubuntu LTS images to Ubuntu Pro without the need for workload redeployment. + +GCE Images +~~~~~~~~~~ + +For each active Ubuntu release, at least two image variants are created for GCE: + +* **Base** images that contain a full Ubuntu development environment +* **Minimal** images that have a smaller footprint than base images, and are designed for production instances that will never be accessed by a human + +Apart from these, + +* **Ubuntu Pro** images are created for 16.04, 18.04, 20.04, 22.04 and +* **Ubuntu Pro FIPS** images are created for 18.04 and 20.04 + +Finally, there's a special sub-family of Google images: + +* **Guest** images that are built with the Google guest agent and +* **Kernel** images that are built with the Google kernel + +These are used by Google to do automated testing of new kernels and/or guests. + + +GKE images +~~~~~~~~~~ + +GKE is Google Cloud's Kubernetes offering. Canonical produces host images for GKE that act as a base for running end user containers. These images include GKE's own custom cloud ``gke`` kernel and custom NVIDIA drivers for use with the custom kernel. 
+ + + +Anthos - Google's multi-cloud GKE strategy +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +For the various Anthos versions available for different clouds, Canonical provides the following: + +* **Anthos on AWS** - Consultation support +* **Anthos on Azure** - Consultation support +* **Anthos on bare metal** - Ubuntu images based on a DISA STIG hardened 20.04 FIPS compliant version. +* **Anthos on VMware** - A series of CIS hardened and unhardened Ubuntu images in the form of OVAs to be used with VMware + diff --git a/google/google-how-to/create-different-instance-types.rst b/google/google-how-to/create-different-instance-types.rst new file mode 100644 index 00000000..327d2bc2 --- /dev/null +++ b/google/google-how-to/create-different-instance-types.rst 
@@ -0,0 +1,53 @@ +Create different instance types on GCP +====================================== + +The procedure for creating different instance types on GCP basically boils down to choosing the correct options on your google console. Some specific examples are given below. + + +Create and Ubuntu Pro 22.04 instance +------------------------------------ + +On your google console, while creating a new instance from :guilabel:`Compute Engine` > :guilabel:`VM instances`> :guilabel:`CREATE INSTANCE`: + +* select ``Ubuntu Pro`` and ``Ubuntu 22.04 Pro Server`` in :guilabel:`Boot disk` > :guilabel:`CHANGE` > :guilabel:`Operating system` and :guilabel:`Version` + +Once the instance is up, ssh into it and run + +.. code:: + + ua status + +to check that ``livepatch``, ``esm-apps`` and ``esm-infra`` are enabled. + + + +Create an ARM-based instance +---------------------------- + +On your google console, while creating a new instance from :guilabel:`Compute Engine` > :guilabel:`VM instances`> :guilabel:`CREATE INSTANCE`: + +* choose the ARM CPU platform ``T2A`` in :guilabel:`Machine configuration` > :guilabel:`Series` +* choose an ARM compatible OS and version, say ``Ubuntu`` and ``Ubuntu 22.04 LTS Minimal`` in :guilabel:`Boot disk` > :guilabel:`CHANGE` > :guilabel:`Operating system` and :guilabel:`Version` + + + +Create a confidential compute enabled VM +---------------------------------------- + +On your google console, while creating a new instance from :guilabel:`Compute Engine` > :guilabel:`VM instances`> :guilabel:`CREATE INSTANCE`: + +* select :guilabel:`Confidential VM service` > :guilabel:`ENABLE` + +It'll show you the available machine type - ``N2d-standard-2`` and OS image - ``Ubuntu 20.04 LTS Pro FIPS Server``. On selecting :guilabel:`ENABLE` again, the changes will be reflected under the :guilabel:`Machine configuration` and :guilabel:`Boot disk` sections. 
+ +To check that confidential computing has been enabled correctly, once the instance is up, ssh into it and run + +.. code:: + + dmesg | grep SEV | head + +A statement containing: ``AMD Secure Encryption Virtulization (SEV) active`` should be displayed. + +Back on the google console, select the instance and open :guilabel:`Logs` > :guilabel:`Cloud Logging`. From the list of logs, expand the one for ``sevLaunchAttestationReportEvent`` and check that the field ``integrityEvaluationPassed`` is set to ``true``. + + diff --git a/google/google-how-to/enable-confidential-computing.rst b/google/google-how-to/enable-confidential-computing.rst deleted file mode 100644 index f58b6afa..00000000 --- a/google/google-how-to/enable-confidential-computing.rst +++ /dev/null 
@@ -1,33 +0,0 @@ -Enable confidential computing -============================= - -What is confidential computing? -------------------------------- - -.. include:: ../../reuse/common-intro.txt - :start-after: Start: Confidential computing - :end-before: End: Confidential computing - - -Create a confidential compute enabled VM ----------------------------------------- - -To enable confidential computing on google cloud: - -#. Log in to Google console and select :guilabel:`CREATE INSTANCE` -#. Scroll down and select :guilabel:`ENABLE` under the *Confidential VM service* option. It'll show you the machine type and OS details - an ``N2d-standard-2`` CPU and an Ubuntu 20.04 LTS Pro FIPS image. On selecting :guilabel:`ENABLE` again, the changes should be reflected under the *Machine configuration* section and the *Boot disk* section. - - -Verify the confidential compute features ----------------------------------------- - -After creation of the instance (which might take a few minutes), ssh into it and run: - -.. code:: - - dmesg | grep SEV | head - -It should display a statement containing: ``AMD Secure Encryption Virtulization (SEV) active``. - -Next, select the instance on the google console and open :guilabel:`Cloud Logging` under *Logs*. From the list of logs, expand the one for ``sevLaunchAttestationReportEvent`` and check that the field ``integrityEvaluationPassed`` is set to ``true``. - diff --git a/google/google-how-to/index.rst b/google/google-how-to/index.rst new file mode 100644 index 00000000..5c678a31 --- /dev/null +++ b/google/google-how-to/index.rst @@ -0,0 +1,12 @@ +How-to guides +============= + +Linked below are step-by-step guides for some key operations such as: creating instances of different types on GCP, deploying Kubernetes on Ubuntu Pro and upgrading from Ubuntu 20.04 to 22.04. + + +.. toctree:: + :maxdepth: 1 + + create-different-instance-types + deploy-kubernetes-with-ubuntu-pro + upgrade-from-focal-to-jammy \ No newline at end of file 
diff --git a/google/index.rst b/google/index.rst index 061a4297..0b2c5a24 100644 --- a/google/index.rst +++ b/google/index.rst 
@@ -15,69 +15,6 @@ and features needed to run specific workloads. --------- -Canonical's Offerings on Google Cloud -------------------------------------- - -With an optimised Ubuntu GCP kernel built in collaboration between Google and Canonical to deliver the very -best performance on the Google Cloud hypervisor, Ubuntu is a popular Linux OS on GCP for both virtual machines -and container workloads - i.e. for both Google Cloud Engine (GCE) and Google Kubernetes Engine (GKE). - -The ``linux-gcp`` kernel enables accelerated networking with the Compute Engine Virtual Ethernet device and supports the Google latest Tau VM, enabling scale-out optimised workloads. These advantages contribute to Ubuntu being the default host images for Anthos Multi-cloud. - -Another useful feature is the native integration of Ubuntu images with the Administrator console. This enables things like patch management and in-place upgrade of Ubuntu LTS images to Ubuntu Pro without the need for workload redeployment. - -GCE Images -~~~~~~~~~~ - -For each active Ubuntu release, at least two image variants are created for GCE: - -* **Base** images that contain a full Ubuntu development environment -* **Minimal** images that have a smaller footprint than base images, and are designed for production instances that will never be accessed by a human - -Apart from these, - -* **Ubuntu Pro** images are created for 16.04, 18.04, 20.04, 22.04 and -* **Ubuntu Pro FIPS** images are created for 18.04 and 20.04 - -Finally, there's a special sub-family of Google images: - -* **Guest** images that are built with the Google guest agent and -* **Kernel** images that are built with the Google kernel - -These are used by Google to do automated testing of new kernels and/or guests. - - -GKE images -~~~~~~~~~~ - -GKE is Google Cloud's Kubernetes offering. Canonical produces host images for GKE that act as a base for running end user containers. 
These images include GKE's own custom cloud ``gke`` kernel and custom NVIDIA drivers for use with the custom kernel. - - - -Anthos - Google's multi-cloud GKE strategy -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -For the various Anthos versions available for different clouds, Canonical provides the following: - -* **Anthos on AWS** - Consultation support -* **Anthos on Azure** - Consultation support -* **Anthos on bare metal** - Ubuntu images based on a DISA STIG hardened 20.04 FIPS compliant version. -* **Anthos on VMware** - A series of CIS hardened and unhardened Ubuntu images in the form of OVAs to be used with VMware - - ----------- - -How-to guides -------------- - -Linked below are step-by-step guides for some key operations: deploying Kubernetes with Ubuntu Pro on GCE, enabling confidential computing and upgrading from Ubuntu 20.04 to 22.04. - -* :doc:`./google-how-to/deploy-kubernetes-with-ubuntu-pro` -* :doc:`./google-how-to/enable-confidential-computing` -* :doc:`./google-how-to/upgrade-from-focal-to-jammy` - ---------- - Project and community --------------------- @@ -94,9 +31,9 @@ suggestions, fixes and constructive feedback. :hidden: :maxdepth: 2 - google-how-to/deploy-kubernetes-with-ubuntu-pro - google-how-to/enable-confidential-computing - google-how-to/upgrade-from-focal-to-jammy + canonical-offerings + google-how-to/index + .. _Code of conduct: https://ubuntu.com/community/governance/code-of-conduct .. _Get support: https://ubuntu.com/cloud/public-cloud diff --git a/reuse/common-intro.txt b/reuse/common-intro.txt index 92fe89f5..91f520bf 100644 --- a/reuse/common-intro.txt +++ b/reuse/common-intro.txt @@ -1,5 +1,7 @@ .. Introduction to clouds +============================================================== + Start: Product need and user **The images create a stable and secure cloud platform** that is ideal for scaling development work 
@@ -13,6 +15,9 @@ various security-certified images are also available. End: Product need and user +============================================================== + + Start: Confidential computing Data can be thought of as being in one of three states: @@ -26,3 +31,5 @@ Both data in-transit and data at-rest can be encrypted using well-known techniqu Confidential computing is the protection of data in-use by performing computation in a hardware-based trusted execution environment. It allows the encryption of data while it is in the system memory. This requires the support of both hardware and the OS. For example, your hardware could be based on AMD's Secure Encrypted Virtualisation (SEV) architecture and the OS could be Ubuntu. End: Confidential computing + +==============================================================
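Review bot: in the new `google/canonical-offerings.rst` the first paragraph expands GCE as "Google Cloud Engine"; the service is Google Compute Engine (the how-to hunk in this same patch navigates to :guilabel:`Compute Engine`), so the moved text should be corrected rather than carried over verbatim. Two smaller wording slips in the `linux-gcp` paragraph are worth fixing in the same pass: "the Google latest Tau VM" should read "Google's latest Tau VM", and "the default host images for Anthos Multi-cloud" should be singular ("the default host image").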
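Review bot: the `create-different-instance-types.rst` hunk has a typo in its first section heading, "Create and Ubuntu Pro 22.04 instance", which should be "Create an Ubuntu Pro 22.04 instance" (the underline length still matches, so no reflow is needed), and the navigation path ":guilabel:`VM instances`> :guilabel:`CREATE INSTANCE`" is missing the space before `>` in all three sections. In the confidential VM section, the expected kernel message is quoted as "AMD Secure Encryption Virtulization (SEV) active"; the feature is Secure Encrypted Virtualization, and a reader who searches for the quoted phrase literally will not find it, so the quoted expectation should match the kernel's wording (the `grep SEV` in the command itself is fine). It would also help to say why two checks are given: the `dmesg` output is the guest reporting on itself, while the `sevLaunchAttestationReportEvent` log with `integrityEvaluationPassed` set to `true` is the platform's own attestation of the launch, so the second check is the one that does not depend on trusting the guest. Minor: the machine type is named `n2d-standard-2` in lowercase on the console, and on 22.04 the `ua` CLI has been renamed `pro` (`ua` still works as an alias), so `pro status` is the current form.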
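Review bot: deleting `enable-confidential-computing.rst` also drops its "What is confidential computing?" section, which pulled the shared definition in with `.. include:: ../../reuse/common-intro.txt` between the `Start: Confidential computing` and `End: Confidential computing` markers. The replacement section in `create-different-instance-types.rst` keeps only the click-through procedure and the two checks, so the GCP docs no longer explain data in-use protection or why SEV is what the `dmesg` check looks for. Either re-add the include above the "Create a confidential compute enabled VM" section or link to the page where that intro now lives. The "(which might take a few minutes)" hint about waiting for the instance was also lost in the move and is worth keeping.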
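Review bot: the new `google/google-how-to/index.rst` ends with "\ No newline at end of file"; add the trailing newline so the toctree's last entry `upgrade-from-focal-to-jammy` is terminated like the other files in the tree and future diffs stay clean.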
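Review bot: the first `google/index.rst` hunk removes both the offerings section and the bulleted `:doc:` links to the how-to guides without leaving any visible pointer to the new pages, and the toctree that replaces them (second hunk) is `:hidden:`, so a reader of the landing page only reaches `canonical-offerings` and `google-how-to/index` through the sidebar. Consider keeping a short paragraph with :doc:`canonical-offerings` and :doc:`google-how-to/index` links in place of the removed sections.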
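Review bot: in the second `google/index.rst` hunk the added `+` line after `google-how-to/index` is an extra blank line before the `.. _Code of conduct:` target; it is harmless to Sphinx but not needed, so drop it to keep the hunk to the three intended entry changes.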
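Review bot: the three `reuse/common-intro.txt` hunks insert bare `==============================================================` lines as visual separators between the `Start:`/`End:` marker pairs. In reStructuredText a bare line of `=` is not a comment: rendered on its own it is a transition (and docutils rejects a transition at the start of a document), and placed directly under a line of text it becomes a title underline. They are safe today only because every consumer includes this file with `:start-after:` and `:end-before:` markers that exclude them; a comment line such as `.. ----------` gives the same visual break and stays inert however the file is included.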