Theory

The Openshift sandboxed containers operator, which provides confidential containers. This operator is installed in the untrusted cluster, and is in charge of providing the necessary software stack to deploy confidential containers

The Trustee operator, which acts as remote attester. This operator is installed in a trusted environment, and is in charge of attesting that the deployed confidential container is actually running in a confidential environment.