Platform Admin
The Platform Admin is responsible for deploying, configuring, monitoring, and operating the MATIH Platform. Platform Admins manage tenant provisioning, infrastructure health, security configuration, and capacity planning. They work primarily in the Control Plane UI (port 3004) and the Data Plane UI (port 3005).
Role Summary
| Attribute | Details |
|---|---|
| Primary workbench | Control Plane UI (3004), Data Plane UI (3005) |
| Key services | Tenant Service, IAM Service, Infrastructure Service, Observability API |
| Common tasks | Provision tenants, monitor health, manage users, configure platform |
| Technical depth | High -- Kubernetes, Helm, Terraform, observability tools |
Day-in-the-Life Workflow
| Time | Activity | Platform Feature |
|---|---|---|
| 9:00 AM | Review platform health dashboard | Observability API, Grafana dashboards |
| 9:30 AM | Check overnight alerts | Alert manager, notification history |
| 10:00 AM | Provision new tenant | Tenant Service provisioning workflow |
| 11:00 AM | Review resource utilization | Per-tenant resource quota monitoring |
| 1:00 PM | Configure feature flags for tenant | Config Service, feature flag management |
| 2:00 PM | Investigate service degradation | Distributed tracing, log analysis |
| 3:00 PM | Update platform configuration | Config Service, Helm value updates |
| 4:00 PM | Review security audit logs | Audit Service, compliance reports |
Key Capabilities
Tenant Management
The Tenant Service provides comprehensive tenant lifecycle management:
| Feature | Description |
|---|---|
| Tenant provisioning | Multi-phase provisioning with automatic namespace, database, and service setup |
| Tenant suspension | Graceful suspension with data preservation |
| Tier management | Free, Professional, Enterprise tier assignment |
| Configuration override | Per-tenant feature flags and settings |
| DNS and ingress | Per-tenant DNS zones and TLS certificates |
Infrastructure Monitoring
The Observability API aggregates health data across all namespaces:
| Feature | Description |
|---|---|
| Service health | Real-time health status for all 24 services |
| Resource utilization | CPU, memory, and storage usage per namespace |
| Capacity planning | Trend analysis for resource consumption |
| Alert management | Alert routing, acknowledgment, and escalation |
| SLI/SLO reporting | Service-level indicator and objective tracking |
Security Administration
| Feature | Description |
|---|---|
| User management | Create, suspend, and delete user accounts |
| Role assignment | RBAC role and permission management |
| API key management | Create, rotate, and revoke API keys |
| Audit log review | Search and filter the immutable audit trail |
| Network policy management | Review and update namespace NetworkPolicies |
Configuration Management
The Config Service provides centralized configuration:
| Feature | Description |
|---|---|
| Hierarchical configuration | Global, environment, service, and tenant-level settings |
| Feature flags | Gradual rollout with tenant-level targeting |
| Version history | Configuration change tracking with rollback |
| Zero-downtime updates | Redis Pub/Sub propagation without service restarts |
Backend Services
| Service | Port | Interaction |
|---|---|---|
tenant-service | 8082 | Tenant CRUD, provisioning, configuration |
iam-service | 8081 | User management, role assignment, API keys |
config-service | 8888 | Configuration management, feature flags |
infrastructure-service | 8089 | Resource provisioning, DNS management |
observability-api | 8088 | Health monitoring, metrics aggregation |
audit-service | 8086 | Audit trail queries, compliance reports |
billing-service | 8087 | Usage tracking, subscription management |
Related Chapters
- Architecture: Control Plane -- Control Plane service details
- Multi-Tenancy -- Tenant isolation architecture
- Service Topology -- Service dependencies and failure analysis
- Technology Stack: Orchestration -- Kubernetes, Helm, Terraform