Administrators configure the platform infrastructure that users operate on. This includes registering clusters, managing users and groups, setting up private registries and configuring target providers.
Permission Model
The Admin creates groups that define what users can do on the platform. Each group specifies:
Which clusters are accessible
Which permissions are granted (View, Run, Delete)
Which registries are visible
Users inherit all permissions from their assigned group.
Admin creates Group
│
├── Assigns Clusters (target-1, target-2, ...)
├── Assigns Permissions (View, Run, Delete)
└── Assigns Registry Visibility
│
└── Users in this group inherit everything
INFO
Every user must belong to a group. A user without a group has no access to the platform.
Register target Kubernetes clusters that will be available for chaos scenario execution. The operator runs on a control plane cluster and executes scenarios against registered targets — it never runs chaos against itself.
Operations
Operation
Description
Add Cluster
Register a new target cluster by providing its name and kubeconfig
View Clusters
Browse all registered clusters and their status
Delete Cluster
Remove a cluster from the platform
Once registered, clusters become available for assignment to groups through User Management.
Organize users through groups that define cluster access and permissions. The group is the central unit of the permission model — users inherit all capabilities from their assigned group.
Groups
A group defines what its members can access and do on the platform.
Field
Description
Name
Group identifier
Description
Purpose of the group
Cluster Permissions
Which registered clusters this group can target
Groups also receive permission flags that control what operations their members can perform:
Permission
What it grants
View
View jobs and execution results
Run
Execute scenarios, use Chaos Studio, access cluster terminal
Delete
Remove jobs and execution history
Users
Users are created and assigned to a group during creation.
Field
Description
User Data
Username, credentials
Group
The group this user belongs to
INFO
Group assignment is mandatory. Every user must belong to exactly one group. A user cannot be created without selecting a group. The group determines which clusters the user can target and which operations they can perform.
Permission Cascade
Group "SRE Team"
├── Clusters: production-us, production-eu
├── Permissions: View, Run
└── Members: alice, bob
│
├── alice → can run scenarios on production-us, production-eu
└── bob → can run scenarios on production-us, production-eu
3 - Registry Management
Configure private container registries and visibility
Configure private container registries for chaos scenario images and control which groups can access them. By default, scenarios are pulled from the public Quay.io registry. Private registries enable air-gapped deployments and custom scenario images.
Creating a Private Registry
Configure a private registry by providing its connection settings (URL, credentials, TLS configuration).
Visibility
Each registry has a visibility setting that controls who can use it:
Visibility
Description
Everyone
All users on the platform can select this registry
Group-based
Only users belonging to assigned groups can see and use this registry
Impact on Scenario Selection
When a user selects a private registry during scenario execution, only the scenarios that have been mirrored to that registry will be available. Scenarios not present in the private registry will not appear in the selection list.
INFO
Air-Gapped Environments: The operator uses OCI registry APIs for scenario metadata. A private registry configuration allows the platform to function completely in disconnected environments without external connectivity.
Configure target providers that integrate with external cluster management platforms. The provider configuration interface adapts dynamically based on the selected provider.
Supported Providers
Provider
Description
ACM / OCM
Automatically discover and synchronize managed Kubernetes clusters through Red Hat Advanced Cluster Management or Open Cluster Management
INFO
The provider configuration interface is designed to be extensible. As new integration operators are developed, their configuration panels will appear automatically in this section.