Back to Details

platform-constitution

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Platform Constitution

平台工程章程

Use this skill to generate a 
Platform-Engineering-Constitution.md
that codifies your organization's platform engineering standards.
使用此技能生成
Platform-Engineering-Constitution.md
文件,将您组织的平台工程标准以书面形式确定下来。

Workflow

工作流程

  1. Check for existing constitution. Look for a 
    Platform-Engineering-Constitution.md
    in the repository root or docs directory. If one exists, ask the user whether to update it or start fresh. Never overwrite without explicit approval.
  2. Gather organizational context by asking the user each of the following questions, one at a time. Accept their answers and move to the next question. Do not assume defaults.
  3. Load relevant references from the reference files linked below based on the answers given (e.g., if Azure is selected, load 
    azure-governance.md
    ).
  4. Generate the constitution as a 
    Platform-Engineering-Constitution.md
    file in the repository root.
  5. Review with the user. Present the generated document and ask for feedback before finalizing.
  1. 检查现有章程:在仓库根目录或docs目录中查找
    Platform-Engineering-Constitution.md
    文件。如果存在,询问用户是要更新它还是重新创建。未经明确批准,绝不能覆盖现有文件。
  2. 收集组织上下文信息:依次向用户询问以下每个问题,一次一个。接收用户的回答后再进入下一个问题,不要假设默认值。
  3. 加载相关参考资料:根据用户的回答,从下方链接的参考文件中加载相关内容(例如,如果选择了Azure,则加载
    azure-governance.md
    )。
  4. 生成章程文件:在仓库根目录中生成
    Platform-Engineering-Constitution.md
    文件。
  5. 与用户一起审核:展示生成的文档,在最终确定前询问用户的反馈意见。

Data Gathering Questions

数据收集问题

Ask these questions interactively, one at a time:
请交互式地依次询问以下问题:

Organization Identity

组织标识

  • Organization name: What is your organization name?
  • 组织名称:您的组织名称是什么?

Cloud Providers

云服务商

  • Cloud providers: What cloud providers does your organization use? (Azure, AWS, GCP, other)
  • For each selected provider, note any specific services or constraints.
  • 云服务商:您的组织使用哪些云服务商?(Azure、AWS、GCP、其他)
  • 对于每个选中的服务商,记录任何特定的服务或限制条件。

Compute Platform

计算平台

  • Compute targets: What compute platform(s) do you target? (Kubernetes, VMs, serverless, container apps, other)
  • If Kubernetes: managed (AKS, EKS, GKE) or self-managed? What version constraints?
  • 计算目标:您的目标计算平台是什么?(Kubernetes、VM、无服务器、容器应用、其他)
  • 如果是Kubernetes:是托管版(AKS、EKS、GKE)还是自托管版?有哪些版本限制?

Infrastructure Policies

基础设施策略

  • Existing policies: Do you have existing infrastructure policies to import? (e.g., Azure Policy, AWS Config, OPA/Gatekeeper, Kyverno)
  • If yes, ask for the location or format of these policies and incorporate their intent into the constitution.
  • 现有策略:您是否有需要导入的现有基础设施策略?(例如Azure Policy、AWS Config、OPA/Gatekeeper、Kyverno)
  • 如果有,询问这些策略的位置或格式,并将其核心要求纳入章程中。

Infrastructure as Code

基础设施即代码(IaC)

  • IaC tooling: What IaC tooling does your platform team use? (Terraform, Bicep, Pulumi, CloudFormation, CDK, other)
  • Approved modules: Where are your approved IaC modules stored? (e.g., GitHub org, Terraform registry, internal registry)
  • Module standards: Any conventions for module structure, naming, or versioning?
  • IaC工具:您的平台团队使用哪些IaC工具?(Terraform、Bicep、Pulumi、CloudFormation、CDK、其他)
  • 已批准模块:您的已批准IaC模块存储在哪里?(例如GitHub组织、Terraform注册表、内部注册表)
  • 模块标准:模块结构、命名或版本控制有哪些规范?

Additional Constraints

其他限制条件

  • Regions: What cloud regions are approved for deployment?
  • Compliance frameworks: Any compliance requirements? (SOC 2, HIPAA, FedRAMP, PCI-DSS, ISO 27001, other)
  • Naming conventions: Do you have naming conventions for cloud resources?
  • Tagging/labeling: Required tags or labels for cloud resources?
  • Network topology: Any network architecture constraints? (hub-spoke, mesh, VPN requirements)
  • Secret management: How are secrets managed? (Key Vault, Secrets Manager, Vault, other)
  • 区域:哪些云区域被批准用于部署?
  • 合规框架:有哪些合规要求?(SOC 2、HIPAA、FedRAMP、PCI-DSS、ISO 27001、其他)
  • 命名规范:您是否有云资源的命名规范?
  • 标签/标记:云资源是否有必填的标签或标记?
  • 网络拓扑:有哪些网络架构限制?(中心辐射型、网格、VPN要求)
  • 密钥管理:如何管理密钥?(Key Vault、Secrets Manager、Vault、其他)

Output Format

输出格式

Generate a 
Platform-Engineering-Constitution.md
with the following structure:
markdown
undefined
生成的
Platform-Engineering-Constitution.md
文件应具有以下结构:
markdown
undefined

Platform Engineering Constitution — {Organization Name}

Platform Engineering Constitution — {Organization Name}

1. Organization Overview

1. 组织概述

Brief description of the organization and purpose of this document.
组织的简要介绍以及本文档的目的。

2. Cloud Providers

2. 云服务商

  • Approved providers and their primary use cases
  • Provider-specific constraints or preferences
  • 已批准的服务商及其主要用例
  • 服务商特定的限制或偏好

3. Compute Platform

3. 计算平台

  • Target compute platforms and configurations
  • Version constraints and upgrade policies
  • 目标计算平台及配置
  • 版本限制和升级策略

4. Infrastructure Policies

4. 基础设施策略

  • Imported policy summaries
  • Governance requirements
  • Compliance framework alignment
  • 导入的策略摘要
  • 治理要求
  • 合规框架对齐情况

5. Infrastructure as Code

5. 基础设施即代码(IaC)

  • Approved IaC tooling
  • Module source locations and conventions
  • Module structure and versioning standards
  • 已批准的IaC工具
  • 模块源位置和规范
  • 模块结构和版本控制标准

6. Deployment Standards

6. 部署标准

  • Approved regions
  • Naming conventions
  • Required tags and labels
  • 已批准的区域
  • 命名规范
  • 必填标签和标记

7. Network Architecture

7. 网络架构

  • Network topology requirements
  • Connectivity constraints
  • 网络拓扑要求
  • 连接限制

8. Security & Secrets

8. 安全与密钥

  • Secret management approach
  • Access control requirements
  • 密钥管理方法
  • 访问控制要求

9. Appendix

9. 附录

  • Links to referenced policies
  • Change log
undefined
  • 参考策略的链接
  • 变更日志
undefined

References

参考资料

TopicReferenceUse for
Azure Governancereferences/azure-governance.mdAzure Policy, landing zones, resource organization
AWS Governancereferences/aws-governance.mdAWS Config, Control Tower, Organizations
Kubernetes Best Practicesreferences/kubernetes-best-practices.mdK8s standards, RBAC, resource quotas
Terraform Conventionsreferences/terraform-conventions.mdModule structure, state management, CI/CD
IaC Module Standardsreferences/iac-module-standards.mdModule versioning, testing, documentation
Policy Import Guidereferences/policy-import-guide.mdImporting Azure Policy, AWS Config, OPA rules
主题参考链接用途
Azure Governancereferences/azure-governance.mdAzure Policy、登陆区域、资源组织
AWS Governancereferences/aws-governance.mdAWS Config、Control Tower、Organizations
Kubernetes Best Practicesreferences/kubernetes-best-practices.mdK8s标准、RBAC、资源配额
Terraform Conventionsreferences/terraform-conventions.md模块结构、状态管理、CI/CD
IaC Module Standardsreferences/iac-module-standards.md模块版本控制、测试、文档
Policy Import Guidereferences/policy-import-guide.md导入Azure Policy、AWS Config、OPA规则

Guardrails

防护规则

  • Never assume answers. Always ask the user. Do not fill in defaults for cloud providers, regions, tooling, or policies.
  • Never overwrite an existing constitution without explicit user approval. Offer to update or diff instead.
  • Confirm before generating. Summarize all gathered data and get user confirmation before writing the file.
  • Be provider-neutral. Support multi-cloud setups without bias toward any single provider.
  • Flag gaps. If the user skips questions, note them as "TBD" in the output and recommend revisiting.
  • Respect existing conventions. If the user has existing standards, incorporate rather than replace them.
  • 绝不假设答案:始终询问用户。不要为云服务商、区域、工具或策略填充默认值。
  • 绝不覆盖现有章程:未经用户明确批准,绝不能覆盖现有章程。而是提供更新或差异对比的选项。
  • 生成前确认:汇总所有收集到的数据,在写入文件前获得用户的确认。
  • 保持服务商中立:支持多云部署,不偏向任何单一服务商。
  • 标记空白项:如果用户跳过某些问题,在输出中标记为“待确定(TBD)”,并建议后续补充。
  • 尊重现有规范:如果用户已有现有标准,应将其纳入而非替换。