You can change the Confidential Space workload VM behavior by passing variables
into the --metadata option when you create the VM.

To pass in multiple variables, first set the delimiter by prefixing the --metadata
value with ^~^. This sets the delimiter to ~, because , is already used inside
variable values (for example, in the lists of service accounts, mount definitions,
and signed-image repositories described below). A value therefore must not itself
contain ~, or it will be split into two variables.

For example:

--metadata="^~^tee-restart-policy=Always~tee-image-reference=us-docker.pkg.dev/WORKLOAD_AUTHOR_PROJECT_ID/REPOSITORY_NAME/WORKLOAD_CONTAINER_NAME:latest"
The following table details the metadata variables you can set for your workload VM.

tee-image-reference
Required. Points to the location of the workload container image.
Example
tee-image-reference=us-docker.pkg.dev/WORKLOAD_AUTHOR_PROJECT_ID/REPOSITORY_NAME/WORKLOAD_CONTAINER_NAME:latest

tee-added-capabilities
Adds additional Linux capabilities to the workload container. The value is a JSON array of capability names.
Example
tee-added-capabilities="[\"CAP_SYS_ADMIN\", \"CAP_SYS_CHROOT\"]"

tee-cgroup-ns
Defaults to false. When set to true, enables a namespaced cgroup mount at /sys/fs/cgroup.
Example
tee-cgroup-ns=true

tee-cmd
Interacts with:
- Workload author: The allow_cmd_override launch policy.
- Data collaborators: The container.cmd_override assertion.
Overrides the CMD instruction specified in the workload container's Dockerfile. The value is a JSON array of arguments.
Example
tee-cmd="[\"params1\", \"params2\"]"

tee-container-log-redirect
Outputs STDOUT and STDERR from the workload container to Cloud Logging or the serial console, under the confidential-space-launcher field.
The valid values are:
- false: (default) no logging occurs.
- true: outputs to the serial console and Cloud Logging.
- cloud_logging: outputs to Cloud Logging only.
- serial: outputs to the serial console only.
A high log volume in the serial console might impact workload performance.
Example
tee-container-log-redirect=true

tee-dev-shm-size-kb
Sets the size in kB of the /dev/shm shared memory mount.
Example
tee-dev-shm-size-kb=65536

tee-env-ENVIRONMENT_VARIABLE_NAME
Interacts with:
- Data collaborators: The container.env and container.env_override assertions.
Sets environment variables in the workload container. The workload author must also add the environment variable names to the allow_env_override launch policy, or they won't be set.
Example
tee-env-example-env-1='value-1'~tee-env-example-env-2='value-2'

tee-impersonate-service-accounts
Interacts with:
- Data collaborators: The google_service_accounts assertion.
A list of service accounts that can be impersonated by the workload operator. The workload operator must be allowed to impersonate these service accounts. Multiple service accounts can be listed, separated by commas.
Example
tee-impersonate-service-accounts=SERVICE_ACCOUNT_NAME_1@WORKLOAD_OPERATOR_PROJECT_ID.iam.gserviceaccount.com,SERVICE_ACCOUNT_NAME_2@WORKLOAD_OPERATOR_PROJECT_ID.iam.gserviceaccount.com

tee-install-gpu-driver
Whether to install NVIDIA's Confidential Computing GPU driver. Requires a machine type that supports NVIDIA Confidential Computing (Preview).
Example
tee-install-gpu-driver=true

tee-monitoring-memory-enable
Interacts with:
- Data collaborators: The instance_memory_monitoring_enabled assertion.
- Workload author: The monitoring_memory_allow launch policy.
Defaults to false. When set to true, enables memory usage monitoring. The metrics collected by the Confidential VM are of the guest/memory/bytes_used type, and can be viewed in Cloud Logging or Metrics Explorer.
Example
tee-monitoring-memory-enable=true

tee-mount
A list of semicolon-separated mount definitions. A mount definition consists of a comma-separated list of key-value pairs, requiring type, source, and destination. destination must be an absolute path, and both type and source must be tmpfs. A size key, as in the first definition of the example, is optional.
Example
tee-mount=type=tmpfs,source=tmpfs,destination=/tmp/tmpfs,size=12345;type=tmpfs,source=tmpfs,destination=/run/workload

tee-restart-policy
The restart policy of the container launcher when the workload stops.
The valid values are:
- Never (default)
- Always
- OnFailure
This variable is only supported by the production Confidential Space image.
Example
tee-restart-policy=OnFailure

tee-signed-image-repos
Interacts with:
- Data collaborators: The container.image_signatures assertion.
A list of comma-separated container repositories that store the signatures generated by Sigstore Cosign.
Example
tee-signed-image-repos=us-docker.pkg.dev/projectA/repo/example,us-docker.pkg.dev/projectB/repo/example,us-docker.pkg.dev/projectC/repo/example
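The delimiter rule from the introduction matters most for the comma-bearing variables in this table (tee-impersonate-service-accounts, tee-mount, tee-signed-image-repos). The following script is an added example, not code from the Confidential Space documentation: it assembles a --metadata value with the ^~^ prefix, rejects any value that would collide with the ~ delimiter, and splits the result back into pairs so you can see exactly what the launcher will receive before creating the VM. The placeholder project, repository, container and service-account names, and the gcloud flags in the printed create command other than --metadata, are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the Confidential Space documentation.
# Builds a --metadata value for a Confidential Space workload VM with the ^~^
# delimiter override, so that values which themselves contain commas
# (tee-impersonate-service-accounts, tee-mount, tee-signed-image-repos)
# are not split by gcloud's default ',' separator.
set -eu

# Reject any value that contains the '~' delimiter: once ^~^ is in effect,
# a '~' inside a value would be parsed as the start of the next pair.
check_value() {
  case "$1" in
    *'~'*) printf 'value contains delimiter "~": %s\n' "$1" >&2; return 1 ;;
  esac
  return 0
}

# Join key=value arguments with '~' and prepend the delimiter override.
build_metadata() {
  bm_out='^~^'
  bm_sep=''
  for bm_kv in "$@"; do
    check_value "$bm_kv" || return 1
    bm_out="${bm_out}${bm_sep}${bm_kv}"
    bm_sep='~'
  done
  printf '%s' "$bm_out"
}

# Split a metadata string back into one key=value pair per line, the way
# gcloud does after it strips the ^~^ prefix. Fails if the prefix is missing,
# because without it gcloud would split on ',' instead.
split_metadata() {
  sm_s="$1"
  case "$sm_s" in
    '^~^'*) sm_s=${sm_s#'^~^'} ;;
    *) printf 'missing ^~^ prefix\n' >&2; return 1 ;;
  esac
  while [ -n "$sm_s" ]; do
    case "$sm_s" in
      *'~'*) sm_head=${sm_s%%'~'*}; sm_s=${sm_s#*'~'} ;;
      *)     sm_head=$sm_s; sm_s='' ;;
    esac
    printf '%s\n' "$sm_head"
  done
}

# Placeholders below (project IDs, repository, container and service-account
# names) are assumed values; substitute your own.
IMAGE='us-docker.pkg.dev/WORKLOAD_AUTHOR_PROJECT_ID/REPOSITORY_NAME/WORKLOAD_CONTAINER_NAME:latest'
SA1='SERVICE_ACCOUNT_NAME_1@WORKLOAD_OPERATOR_PROJECT_ID.iam.gserviceaccount.com'
SA2='SERVICE_ACCOUNT_NAME_2@WORKLOAD_OPERATOR_PROJECT_ID.iam.gserviceaccount.com'

META="$(build_metadata \
  "tee-image-reference=${IMAGE}" \
  'tee-restart-policy=Always' \
  'tee-container-log-redirect=cloud_logging' \
  'tee-cmd=["params1", "params2"]' \
  'tee-env-example-env-1=value-1' \
  "tee-impersonate-service-accounts=${SA1},${SA2}" \
  'tee-mount=type=tmpfs,source=tmpfs,destination=/tmp/tmpfs,size=12345;type=tmpfs,source=tmpfs,destination=/run/workload')"

echo "Pairs the launcher will receive:"
split_metadata "$META"
echo

# Printed only, not executed. --image-project and --image-family name the
# Confidential Space image; the other flags are assumed for illustration.
echo "gcloud compute instances create WORKLOAD_VM_NAME \\"
echo "  --confidential-compute-type=SEV --shielded-secure-boot \\"
echo "  --image-project=confidential-space-images --image-family=confidential-space \\"
echo "  --metadata='${META}'"
```

Run it once with your real values and read the "Pairs the launcher will receive" listing: each tee-* key should appear exactly once and the service-account and mount values should still contain their commas and semicolons. If a line is missing or truncated, a value contained the ~ delimiter and the script will have refused it before printing the command.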