Bug
Resolution: Unresolved
High
Quality / Stability / Reliability
Bugs and Vulnerability Issues
Description
When installing Trustee on an Azure self-managed cluster, the trustee-deployment pod that performs attestation is not reachable by any confidential container, even if the AA_KBC_PARAMS field in the peer-pods ConfigMap is set to the correct route exposed by the Trustee.
The Trustee does not even receive the request.
This is probably related to SSL issues and missing certificates.
Proposed solution: use a NodePort Service; it is also acceptable to just document how to use it.
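The NodePort workaround, written out as an added example (not part of this report and not the Trustee or OSC projects' own manifests): a NodePort Service in front of the trustee-deployment pods, and the peer-pods ConfigMap pointed at a worker node's internal IP and node port instead of the default edge route. The Service and ConfigMap names, namespaces, selector label, KBS port 8080 and the cc_kbc::<url> value format are assumptions to check against your cluster.

```yaml
# Added example, not from the bug report or the Trustee/OSC projects.
# 1) Expose the Trustee KBS on every node with a NodePort Service.
apiVersion: v1
kind: Service
metadata:
  name: kbs-nodeport                     # assumed name
  namespace: trustee-operator-system     # assumed Trustee namespace
spec:
  type: NodePort
  selector:
    app: kbs                             # assumed label on the trustee-deployment pods
  ports:
    - name: kbs
      protocol: TCP
      port: 8080                         # assumed KBS listen port
      targetPort: 8080
      nodePort: 30080                    # any free port in the cluster's NodePort range
---
# 2) Point the peer-pods ConfigMap at the node port. The peer-pod VM reaches
#    the worker node's internal IP over the VNet, so the router's TLS
#    termination and the cluster CA are no longer in the path.
apiVersion: v1
kind: ConfigMap
metadata:
  name: peer-pods-cm                                  # assumed ConfigMap name
  namespace: openshift-sandboxed-containers-operator  # assumed OSC namespace
data:
  # Before: the default edge route, which per this report never reaches the Trustee pod.
  # AA_KBC_PARAMS: "cc_kbc::https://kbs-trustee-operator-system.apps.<CLUSTER_DOMAIN>"
  # After: any worker node's InternalIP plus the nodePort from the Service above.
  AA_KBC_PARAMS: "cc_kbc::http://<WORKER_NODE_INTERNAL_IP>:30080"
```

Note that the node port is plain HTTP inside the VNet; restrict it with a network security group or NetworkPolicy to the peer-pod subnet rather than leaving it reachable from anywhere the node IP is routable.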
Steps to reproduce
On an Azure self-managed cluster (NOT ARO)
1. Install OSC (CoCo, 1.7) & configure it
2. Install Trustee & configure it. Add some secret
3. Add trustee route in the AA_KBC_PARAMS of OSC
4. Create a confidential container and try to curl the local trustee agents to fetch some secret from the Trustee
Expected result
Attestation is successful, secret retrieved
Actual result
Nothing happens. The trustee pod receives no request.
Impact
Cannot use Trustee as it is documented right now (default edge route)
Env
OSC 1.7, OCP 4.15.34 (but I think it applies to all versions), any Trustee version
Azure self-managed cluster
Relates to: KATA-3494 Configure trustee for in-cluster use without https (Closed)