This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Administration

Platform administration for Krkn Operator

Administration Admin

Administrators configure the platform infrastructure that users operate on. This includes registering clusters, managing users and groups, setting up private registries and configuring target providers.


Permission Model

The Admin creates groups that define what users can do on the platform. Each group specifies:

  • Which clusters are accessible
  • Which permissions are granted (View, Run, Delete)
  • Which registries are visible

Users inherit all permissions from their assigned group.

Admin creates Group
      ├── Assigns Clusters (target-1, target-2, ...)
      ├── Assigns Permissions (View, Run, Delete)
      └── Assigns Registry Visibility
            └── Users in this group inherit everything

Admin Features

FeatureDescription
Cluster ManagementRegister and remove target Kubernetes clusters
User ManagementCreate groups and users, assign permissions
Registry ManagementConfigure private container registries and visibility
Provider ConfigurationConfigure target providers (ACM integration)

1 - Cluster Management

Register and manage target Kubernetes clusters

Cluster Management Admin

Register target Kubernetes clusters that will be available for chaos scenario execution. The operator runs on a control plane cluster and executes scenarios against registered targets — it never runs chaos against itself.


Operations

OperationDescription
Add ClusterRegister a new target cluster by providing its name and kubeconfig
View ClustersBrowse all registered clusters and their status
Delete ClusterRemove a cluster from the platform

Once registered, clusters become available for assignment to groups through User Management.

Add New Target

Target Clusters

2 - User Management

Manage groups and users on the platform

User Management Admin

Organize users through groups that define cluster access and permissions. The group is the central unit of the permission model — users inherit all capabilities from their assigned group.


Groups

A group defines what its members can access and do on the platform.

FieldDescription
NameGroup identifier
DescriptionPurpose of the group
Cluster PermissionsWhich registered clusters this group can target

Groups also receive permission flags that control what operations their members can perform:

PermissionWhat it grants
ViewView jobs and execution results
RunExecute scenarios, use Chaos Studio, access cluster terminal
DeleteRemove jobs and execution history

Users

Users are created and assigned to a group during creation.

FieldDescription
User DataUsername, credentials
GroupThe group this user belongs to

Permission Cascade

Group "SRE Team"
  ├── Clusters: production-us, production-eu
  ├── Permissions: View, Run
  └── Members: alice, bob
        ├── alice → can run scenarios on production-us, production-eu
        └── bob   → can run scenarios on production-us, production-eu

3 - Registry Management

Configure private container registries and visibility

Registry Management Admin

Configure private container registries for chaos scenario images and control which groups can access them. By default, scenarios are pulled from the public Quay.io registry. Private registries enable air-gapped deployments and custom scenario images.


Creating a Private Registry

Configure a private registry by providing its connection settings (URL, credentials, TLS configuration).

Private Registry Configuration


Visibility

Each registry has a visibility setting that controls who can use it:

VisibilityDescription
EveryoneAll users on the platform can select this registry
Group-basedOnly users belonging to assigned groups can see and use this registry

Impact on Scenario Selection

When a user selects a private registry during scenario execution, only the scenarios that have been mirrored to that registry will be available. Scenarios not present in the private registry will not appear in the selection list.

4 - Provider Configuration

Configure target providers for cluster discovery

Provider Configuration Admin

Configure target providers that integrate with external cluster management platforms. The provider configuration interface adapts dynamically based on the selected provider.


Supported Providers

ProviderDescription
ACM / OCMAutomatically discover and synchronize managed Kubernetes clusters through Red Hat Advanced Cluster Management or Open Cluster Management

ACM Provider Configuration