Install the OSC operator

PERSONA: Untrusted cluster admin

This whole section can be automated with the following command:

curl -L https://raw.githubusercontent.com/confidential-devhub/workshop-on-ARO-showroom/refs/heads/main/helpers/install-osc.sh -o install-osc.sh

chmod +x install-osc.sh

./install-osc.sh

Let’s install OSC to enable CoCo.

Install via command line

We will install and stick to OSC 1.11.1 for the time being.

oc apply -f-<<EOF
---
apiVersion: v1
kind: Namespace
metadata:
  name: openshift-sandboxed-containers-operator
---
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: openshift-sandboxed-containers-operator
  namespace: openshift-sandboxed-containers-operator
spec:
  targetNamespaces:
  - openshift-sandboxed-containers-operator
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: openshift-sandboxed-containers-operator
  namespace: openshift-sandboxed-containers-operator
spec:
  channel: stable
  installPlanApproval: Manual
  name: sandboxed-containers-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace
  startingCSV:     sandboxed-containers-operator.v1.11.1
EOF

Approve the operator install (since it’s manual install plan).

oc get installplan -n openshift-sandboxed-containers-operator -o jsonpath='{.items[?(@.spec.approved==false)].metadata.name}' | xargs -r oc patch installplan -n openshift-sandboxed-containers-operator --type merge -p '{"spec":{"approved":true}}'

Verification

Ensure that the Operator is correctly installed by running the following command and checking that the PHASE is in Succeeded state:

watch oc get csv -n openshift-sandboxed-containers-operator

Example output

NAME                             DISPLAY                                  VERSION             REPLACES                   PHASE
openshift-sandboxed-containers   openshift-sandboxed-containers-operator  1.11.1                                          Succeeded