Validate that the AMD SEV-SNP + NVIDIA Blackwell confidential compute stack runs end-to-end on a K3s-deployed Kubernetes cluster. K3s is not the standard Akash provider topology (Kubespray is — tracked separately), but a meaningful subset of providers run K3s as a lightweight alternative, and validating both paths confirms the architecture is orchestrator-independent at the confidential-compute layer.
Scope: stock Ubuntu 26.04 LTS on Supermicro H13SSL-NT with AMD EPYC 9554 and RTX PRO 6000 Blackwell Server Edition; K3s with embedded containerd; kata-deploy v3.29.0; NVIDIA GPU Operator v26.3.1 in sandboxWorkloads.mode=kata. Validation criterion: confidential pods using kata-qemu-snp (CPU-only) and kata-qemu-nvidia-gpu-snp (GPU passthrough) runtime classes start successfully, SEV-SNP is active at VMPL0 inside the guest, and a CUDA workload completes successfully on the confidential GPU. Aligns with the broader Akash TEE workstream and tracks NVIDIA's documented Confidential Containers Reference Architecture.
Validate that the AMD SEV-SNP + NVIDIA Blackwell confidential compute stack runs end-to-end on a K3s-deployed Kubernetes cluster. K3s is not the standard Akash provider topology (Kubespray is — tracked separately), but a meaningful subset of providers run K3s as a lightweight alternative, and validating both paths confirms the architecture is orchestrator-independent at the confidential-compute layer.
Scope: stock Ubuntu 26.04 LTS on Supermicro H13SSL-NT with AMD EPYC 9554 and RTX PRO 6000 Blackwell Server Edition; K3s with embedded containerd; kata-deploy v3.29.0; NVIDIA GPU Operator v26.3.1 in
sandboxWorkloads.mode=kata. Validation criterion: confidential pods usingkata-qemu-snp(CPU-only) andkata-qemu-nvidia-gpu-snp(GPU passthrough) runtime classes start successfully, SEV-SNP is active at VMPL0 inside the guest, and a CUDA workload completes successfully on the confidential GPU. Aligns with the broader Akash TEE workstream and tracks NVIDIA's documented Confidential Containers Reference Architecture.