Story
Resolution: Done
Consume Node Feature Discovery (NFD) labels to automatically detect SNP vs. TDX capabilities.
As a cluster administrator, I want automatic detection of TEE hardware capabilities, so that the appropriate CoCo runtime is configured without manual specification.
Description:
Implement automatic detection of TEE hardware types using Node Feature Discovery (NFD) labels. The operator should identify TDX and SNP capable nodes and configure appropriate CoCo runtimes based on detected hardware.
Acceptance Criteria:
- Detect Intel TDX nodes via intel.feature.node.kubernetes.io/tdx: "true" NFD label
- Detect AMD SNP nodes via amd.feature.node.kubernetes.io/snp: "true" NFD label
- Support single TEE type per cluster (TDX OR SNP, not mixed for Tech Preview)
- Report detected TEE type in KataConfig status conditions
- Validate that cluster has only one TEE type and reject mixed environments
- Handle node label changes and trigger reconciliation accordingly
- Provide clear status when no TEE hardware is detected
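The detection and mixed-environment validation described in the criteria above, as an added example in Go (not the operator's own code). It assumes node labels are passed as plain maps rather than Kubernetes Node objects; `TEEType`, `DetectClusterTEE` and `ErrMixedTEE` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
)

// NFD labels from the acceptance criteria; only the value "true" counts.
const (
	labelTDX = "intel.feature.node.kubernetes.io/tdx"
	labelSNP = "amd.feature.node.kubernetes.io/snp"
)

// TEEType and its values are hypothetical names for this example.
type TEEType string
const (
	TEENone TEEType = "None"
	TEETDX  TEEType = "TDX"
	TEESNP  TEEType = "SNP"
)

// ErrMixedTEE marks a cluster that has both TDX and SNP nodes.
var ErrMixedTEE = errors.New("mixed TEE environment")

// DetectClusterTEE returns the single TEE type, TEENone if no node has one, or ErrMixedTEE.
func DetectClusterTEE(nodes []map[string]string) (TEEType, error) {
	var tdx, snp int
	for _, labels := range nodes {
		if labels[labelTDX] == "true" {
			tdx++
		}
		if labels[labelSNP] == "true" {
			snp++
		}
	}
	switch {
	case tdx > 0 && snp > 0:
		return TEENone, fmt.Errorf("%w: %d TDX and %d SNP nodes", ErrMixedTEE, tdx, snp)
	case tdx > 0:
		return TEETDX, nil
	case snp > 0:
		return TEESNP, nil
	}
	return TEENone, nil
}

func main() {
	nodes := []map[string]string{{labelTDX: "true"}, {"kubernetes.io/os": "linux"}} // constructed sample
	fmt.Println(DetectClusterTEE(nodes))
}
```

A node that carries both labels is counted for both types and is therefore rejected as mixed.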
Testing Considerations:
- Unit Tests: Mock NFD labels for TDX-only and SNP-only scenarios
- Unit Tests: Test validation logic that rejects mixed TEE environments
- Integration Tests: Node label changes triggering reconciliation
- Integration Tests: Test with labeled test nodes (mock TEE hardware)
- Hardware Tests: Test on actual TDX-capable hardware
- Hardware Tests: Test on actual SNP-capable hardware
- Status Tests: Verify accurate TEE type reporting in KataConfig status
- Negative Tests: Test behavior with no TEE-capable nodes