From datum-platform
Provides high-level understanding of the Datum Cloud platform architecture. Use when onboarding to the codebase, understanding the system structure, or learning about multi-tenancy, resource hierarchy, and service architecture.
npx claudepluginhub datum-cloud/claude-code-plugins --plugin datum-platform
This skill uses the workspace's default tool permissions.
This skill provides high-level understanding of the Datum Cloud platform architecture.
Datum Cloud is a multi-tenant cloud platform built on Kubernetes primitives. The control plane is Milo — an extensible multi-tenant control plane built with the Kubernetes API library.
Organization
└── Project
    └── Resources (service-specific)
Top-level tenant boundary. Contains:
Workload isolation within an organization. Contains:
Every API request carries tenant context:
Some platform operations span tenants:
Services in Datum Cloud follow a consistent pattern:
Each service is a Kubernetes aggregated API server that:
Datum Cloud services can use either approach to integrate with the control plane:
The choice depends on two primary factors:
| Factor | Use Aggregated API Server | Use Controller-Runtime |
|---|---|---|
| Storage | Need custom backend (database, external system) | etcd is sufficient |
| API Control | Need custom subresources, streaming, or fine-grained request handling | Standard CRUD semantics |
For detailed guidance: Read k8s-apiserver-patterns/architecture-decision.md which covers:
Services use the pattern: {service}.miloapis.com
Examples:
resourcemanager.miloapis.com — Organizations and projects
iam.miloapis.com — Identity and access management
activity.miloapis.com — Activity timelines
insights.miloapis.com — Proactive issue detection
quota.miloapis.com — Resource quota enforcement
Resources follow Kubernetes conventions:
VirtualMachine)
virtualmachines)
vm)
The platform uses a Kubernetes-native IAM system. Key concepts:
| Resource | Purpose |
|---|---|
| ProtectedResource | Declares a resource type and its permissions |
| Role | Collection of permissions that can be granted |
| PolicyBinding | Binds a role to users/groups on a resource |
| User | Platform user identity |
| Group | Collection of users |
Permissions flow down the resource hierarchy:
Read milo-iam/SKILL.md for comprehensive IAM documentation.
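The downward flow of permissions through Organization → Project → Resources, sketched as an added example in Go (not Milo's or Datum Cloud's own code). It is a simplified model: the `Allowed` function, the inlined permission sets, the `virtualmachines.get` permission string and all subject and node names are assumptions made for illustration.

```go
package main

import "fmt"

// Node is one level of the hierarchy: Organization -> Project -> Resource.
type Node struct {
	Name   string
	Parent *Node
}

// PolicyBinding grants permissions to subjects on one node. Permissions are
// inlined here for brevity; on the platform they would come from a Role.
type PolicyBinding struct {
	Target      *Node
	Subjects    []string        // opaque ids, e.g. "user:alice", "group:ops" (constructed)
	Permissions map[string]bool // hypothetical permission strings
}

// Allowed walks from the node up to its organization and returns true at the
// first binding that names the user (or one of the user's groups) and carries
// the permission. A binding never applies above its target or in another
// organization's tree, and no match anywhere means deny.
func Allowed(bs []PolicyBinding, groups map[string][]string, user, perm string, n *Node) bool {
	ids := append([]string{user}, groups[user]...)
	for cur := n; cur != nil; cur = cur.Parent {
		for _, b := range bs {
			if b.Target != cur || !b.Permissions[perm] {
				continue
			}
			for _, s := range b.Subjects {
				for _, id := range ids {
					if s == id {
						return true
					}
				}
			}
		}
	}
	return false
}

func main() {
	orgA, orgB := &Node{Name: "org-a"}, &Node{Name: "org-b"}
	projA, projB := &Node{Name: "proj-a", Parent: orgA}, &Node{Name: "proj-b", Parent: orgB}
	vmA := &Node{Name: "vm-1", Parent: projA}
	bs := []PolicyBinding{{Target: orgA, Subjects: []string{"group:ops"}, Permissions: map[string]bool{"virtualmachines.get": true}}}
	groups := map[string][]string{"user:alice": {"group:ops"}}
	fmt.Println(Allowed(bs, groups, "user:alice", "virtualmachines.get", vmA))   // inherited from org-a
	fmt.Println(Allowed(bs, groups, "user:alice", "virtualmachines.get", projB)) // other tenant: denied
}
```
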
Every service can integrate with these platform capabilities:
| Capability | Purpose | Integration Point |
|---|---|---|
| IAM | Authorization | ProtectedResource + Role definitions |
| Quota | Limit resource consumption | Admission control |
| Insights | Proactive issue detection | InsightPolicy resources |
| Telemetry | Observability data | Metrics, traces, logs |
| Activity | Audit trail | ActivityPolicy resources |
Read the individual capability skills for integration details.
services-catalog.md — Catalog of platform services