To support upgrades in confidential clusters, the Confidential Cluster Operator (CCO) must manage reference values used for node attestation in a version-aware and lifecycle-safe manner.
When a cluster is upgraded (e.g., to a new CoreOS version), the operator should:
- Calculate and retrieve new reference values (e.g., PCRs) for the updated CoreOS image.
- Upload the new reference values to Trustee, enabling attestation for nodes running the new version.
- Retain existing reference values for nodes still running the older version to avoid disruption during rolling upgrades.
- Detect when all nodes have upgraded, and remove obsolete reference values from Trustee to maintain a clean state.
This ensures that node attestation remains functional throughout the upgrade process, while minimizing residual data and potential confusion in Trustee.
To support upgrades in confidential clusters, the Confidential Cluster Operator (CCO) must manage reference values used for node attestation in a version-aware and lifecycle-safe manner.
When a cluster is upgraded (e.g., to a new CoreOS version), the operator should:
This ensures that node attestation remains functional throughout the upgrade process, while minimizing residual data and potential confusion in Trustee.