Question
Design how a brand-new, freshly-booted workload obtains its first verifiable identity — the 'secret-zero' / bootstrap-trust problem. A node autoscales up with NO pre-baked credential; it must prove it is a legitimate workload of a given type and receive an identity (an SVID / cert / token) it can then use to authenticate to everything else, across ~30,000 workloads with heavy churn and short identity TTLs. Hand-baking a long-lived secret into the image is exactly what you want to avoid. Discuss the chain of trust that lets a credential-less node attest itself, how you anchor trust without a planted secret, the renewal model, and how you stop a malicious node from impersonating a legitimate workload type.
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.