dstack-capsule: Pod-Level Remote Attestation for Confidential Workloads on Kubernetes

ArXi:2606.03323v1 Announce Type: cross The rise of LLM-as-a-Service and other confidential cloud workloads demands cryptographic proof that user data is processed in a trusted, untampered environment. Existing solutions, notably Confidential Containers (CoCo), enforce a strict "one Pod per VM" model that attests only the Guest OS stack, leaving container-level identity unverified and incurring prohibitive per-VM resource overhead.