Constellation (a Kubernetes distro) [1] on Azure would give you this attestation feature. You could then run sth like HashiCorp's Vault in that cluster. You will know that all nodes of that cluster are in the state that you expect them to be through the attestation statement.
[1] https://github.com/edgelesssys/constellation
Disclaimer: I work for Edgeless Systems.