Story
Resolution: Obsolete
Medium
Product / Portfolio Work
Denali #2
Ensure the operator manages CRI-O drop-in configuration files for CoCo runtimes via the RPM.
As a platform engineer
I want CRI-O properly configured for CoCo runtimes
So that the container runtime can launch confidential workloads with appropriate TEE settings
Description:
Implement CRI-O configuration management through the RPM to register and configure CoCo-specific runtimes. The operator should generate and deploy appropriate CRI-O drop-in configuration files for all TEE types. Proper scheduling to detected TEE types will be handled at the RuntimeClass level.
Acceptance Criteria:
- Generate CRI-O configuration for detected TEE type (TDX or SNP)
- Register kata-qemu-tdx or kata-qemu-snp runtime in CRI-O based on hardware
- Configure runtime paths to use OSC Extension QEMU
- Create MachineConfig targeting appropriate node pools (kata-oc or master for SNO)
- Include TEE-specific runtime configuration paths
- Handle both Single Node OpenShift and multi-node cluster topologies
- Update configuration when TEE type detection changes
Testing Considerations:
- Unit Tests: CRI-O configuration generation for TDX and SNP
- Unit Tests: MachineConfig generation with correct targeting
- Integration Tests: MachineConfig deployment and node updates
- Integration Tests: CRI-O configuration validation on target nodes
- E2E Tests: Verify CRI-O can launch TEE-specific runtimes
- Compatibility Tests: Test with different CRI-O versions
- Rollback Tests: Configuration updates and rollback scenarios
- SNO Tests: Single Node OpenShift configuration deployment
- is related to: KATA-4201 Configuration files merged into the Kata RPM (Closed)