Installation

Cosmos Catalog

Add the Cosmos operator catalog to your OpenShift cluster to access all Cosmos operators through the OperatorHub.

Prerequisites

The Cosmos catalog is hosted on a private registry that requires authentication. Before adding the catalog source, you must create a pull secret with your registry credentials.

To discuss registry credentials, contact [email protected]

Create the Pull Secret

Create a docker-registry secret in the openshift-marketplace namespace with your credentials.

oc create secret docker-registry cosmos-registry-credentials \
  --namespace=openshift-marketplace \
  --docker-server=registry.cosmosdevops.co.uk \
  --docker-username=<your-username> \
  --docker-password=<your-password>

Alternatively, apply as YAML:

cosmos-pull-secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: cosmos-registry-credentials
  namespace: openshift-marketplace
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: <base64-encoded-docker-config>

To generate the base64-encoded value, run:
echo -n '{"auths":{"registry.cosmosdevops.co.uk":{"username":"USER","password":"PASS","auth":"BASE64"}}}' | base64

Verify the Secret

Confirm the secret was created successfully.

oc get secret cosmos-registry-credentials -n openshift-marketplace

Navigate to Secrets

In the OpenShift Console, go to Workloads → Secrets. Select the openshift-marketplace project from the namespace dropdown.

Create Image Pull Secret

Click Create → Image pull secret and enter:

Secret name: cosmos-registry-credentials
Authentication type: Image registry credentials
Registry server address: registry.cosmosdevops.co.uk
Username: Your provided username
Password: Your provided password

Click Create to save the secret.

Add the Catalog Source

The Cosmos Catalog provides all Cosmos operators in a single source. Once added to your cluster, operators will appear in the OperatorHub and can be installed through the OpenShift Console or CLI.

Create the CatalogSource

Apply the following YAML to add the Cosmos catalog to your cluster. The secrets field references the pull secret created in the previous step.

cosmos-catalogsource.yaml

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: cosmos-catalog
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: registry.cosmosdevops.co.uk/cosmos/cosmos-catalog:latest
  displayName: Cosmos Operators
  publisher: Cosmos
  secrets:
    - cosmos-registry-credentials
  updateStrategy:
    registryPoll:
      interval: 30m

Apply with:

oc apply -f cosmos-catalogsource.yaml

Verify the Catalog

Check that the CatalogSource is ready.

oc get catalogsource cosmos-catalog -n openshift-marketplace

You should see the catalog with READY status:

NAME             DISPLAY            TYPE   PUBLISHER   AGE
cosmos-catalog   Cosmos Operators   grpc   Cosmos      30s

Browse Available Operators

List operators available from the Cosmos catalog.

oc get packagemanifests -l catalog=cosmos-catalog

Operators can be installed via oc by creating a Subscription resource, or through the OpenShift Console OperatorHub.

Navigate to CatalogSources

In the OpenShift Console, go to Administration → Cluster Settings → Configuration → OperatorHub.

Alternatively, navigate directly to Operators → OperatorHub and click Sources tab.

Create CatalogSource

Click Create CatalogSource and enter the following details:

Name: cosmos-catalog
Display name: Cosmos Operators
Publisher: Cosmos
Image: registry.cosmosdevops.co.uk/cosmos/cosmos-catalog:latest

Or switch to YAML view and paste (recommended to include the secrets reference):

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: cosmos-catalog
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: registry.cosmosdevops.co.uk/cosmos/cosmos-catalog:latest
  displayName: Cosmos Operators
  publisher: Cosmos
  secrets:
    - cosmos-registry-credentials
  updateStrategy:
    registryPoll:
      interval: 30m

Install Operators

Navigate to Operators → OperatorHub. Filter by Cosmos Operators to see all available operators.

Click on any operator to view details and click Install to deploy it to your cluster.

Available Operators

The following operators are available through the Cosmos catalog. Each operator can be installed independently based on your requirements.

Karma Governance

Automated trust scoring and behavioral guardrails. Calculates dynamic karma scores and enforces platform constraints based on trust tiers.

Learn more

Tagger Metadata

Declarative metadata management. Define labeling policies once and enforce them across your entire cluster automatically.

Learn more

Breakglass Security

Time-limited, auditable emergency access. Secure, self-service, policy-driven workflow with automatic expiration and audit trails.

Learn more

Clotho Governance

Change management for OpenShift. Routes resource creation through configurable approval workflows with complete audit trails.

Learn more

Scribe GitOps

Synchronize cluster state back to Git. Captures runtime state changes and commits them back to Git automatically.

Learn more

URO Governance

Unused Resource Operator for cluster hygiene. Detects orphaned resources with configurable grace periods and safety scoring.

Learn more

IVO Governance

Image Inventory Operator. Discovers container images, tracks usage, enforces security policies, and automates cleanup.

Learn more

Remove the Catalog

To remove the Cosmos catalog from your cluster, delete the CatalogSource resource. Note that this will not uninstall any operators already installed from the catalog.

oc delete catalogsource cosmos-catalog -n openshift-marketplace