ChatGPT Prompts for DevOps & SRE

<context> CI platform: [GITHUB ACTIONS / GITLAB CI / CIRCLECI] App: [LANGUAGE + FRAMEWORK, e.g. Node 20 + Next.js] Build artifact: [DOCKER IMAGE / STATIC BUNDLE / JAR] Deploy target: [ECS / KUBERNETES / VERCEL / SSH HOST] Environments: [dev, staging, prod] Secrets store: [GITHUB SECRETS / VAULT / AWS SSM] </context> <task> Write a complete, production-ready pipeline config as a single file I can commit. 1. Trigger on push to main and on pull_request. 2. Stages: lint, test (with cache for deps), build, security scan, deploy. 3. Cache dependencies and the build layer to cut runtime. 4. Gate deploy to prod behind a manual approval and a successful staging deploy. 5. Inject secrets from the named store — never hardcode them. 6. Add concurrency control so superseded runs are cancelled. Output the full YAML, then a 3-bullet summary of what each stage does and any assumptions you made. </task>

<context> CI platform: [GITHUB ACTIONS / GITLAB CI] Failing job: [JOB NAME] Error log (paste raw): [PASTE THE LAST 50 LINES OF THE FAILED LOG] What changed recently: [DEPENDENCY BUMP / CONFIG EDIT / NONE] </context> <task> Diagnose why this CI job is failing. 1. Identify the single root cause from the log, quoting the exact line. 2. List 2-3 plausible alternative causes and how to rule each out. 3. Give the precise fix as a code or config diff. 4. Suggest one guardrail (a test, a lint rule, a cache key change) that prevents this class of failure. Be concrete — no generic 'check your dependencies' advice. </task>

<context> Repo: [LANGUAGE + TEST FRAMEWORK] Current coverage: [NUMBER]% or unknown CI platform: [PLATFORM] Risk areas: [PAYMENTS / AUTH / DATA MIGRATION] </context> <task> Design a quality gate strategy for our pipeline. 1. Recommend which test tiers to run on PRs vs nightly (unit, integration, e2e, smoke). 2. Define a coverage threshold and how to enforce it without blocking every PR. 3. Add a fast 'changed-files-only' test path so PRs stay quick. 4. Specify what should hard-fail the build vs warn. Output the CI config snippet plus a short rationale for each gate. </task>

<context> App: [SERVICE NAME + RUNTIME] Orchestrator: [KUBERNETES / ECS / NOMAD] Traffic router: [INGRESS-NGINX / ISTIO / ALB / FLAGGER] Rollback SLA: [e.g. under 2 minutes] </context> <task> Design a progressive delivery strategy for this service. 1. Recommend blue-green vs canary for our setup and justify it. 2. Define the traffic-shift steps (e.g. 5% then 25% then 100%) with promotion criteria. 3. List the metrics that must stay green to auto-promote and the thresholds that trigger auto-rollback. 4. Provide the config for the chosen router and a manual rollback command. Keep it specific to the named orchestrator and router. </task>

<context> Repo style: [MONOREPO / SINGLE PACKAGE] Language/ecosystem: [NODE / GO / PYTHON] Versioning: [SEMVER / CALVER] Registry: [NPM / GHCR / DOCKER HUB] </context> <task> Build an automated release workflow. 1. Choose a versioning approach (semantic-release, changesets, or conventional commits) and explain why for our setup. 2. Generate the CI config that bumps version, builds, tags, and publishes on merge to main. 3. Auto-generate a CHANGELOG from commit history. 4. Create a draft GitHub Release with the notes attached. Output the workflow file plus the commit-message convention contributors must follow. </task>

<context> Cloud: [AWS / GCP / AZURE] Resource to provision: [e.g. VPC + ECS Fargate service + ALB] Environments: [dev, staging, prod] State backend: [S3 + DYNAMODB / GCS / TERRAFORM CLOUD] Naming convention: [e.g. {env}-{service}-{resource}] </context> <task> Write a reusable Terraform module for this infrastructure. 1. Structure it as main.tf, variables.tf, outputs.tf with sensible variable defaults. 2. Parameterize anything that differs per environment. 3. Tag every resource with environment, owner, and cost-center variables. 4. Configure the named remote state backend with locking. 5. Add input validation blocks on critical variables. Output each file in a separate code block and a one-line usage example. </task>

<context> Cloud: [AWS / GCP / AZURE] Terraform (paste): [PASTE YOUR .tf FILES OR PLAN OUTPUT] Compliance needs: [SOC2 / HIPAA / NONE] </context> <task> Audit this Terraform for security and reliability issues. 1. Flag public exposure (open security groups, public buckets, 0.0.0.0/0 rules) with the exact resource and line. 2. Check encryption at rest and in transit on every storage and DB resource. 3. Identify hardcoded secrets or values that should be variables. 4. Note missing lifecycle rules (prevent_destroy on stateful resources, ignore_changes where needed). 5. Rank findings by severity and give the fix diff for each. Be specific to the resources shown — do not invent issues. </task>

<context> Cloud: [AWS / GCP / AZURE] What I built by hand in the console: [DESCRIBE THE RESOURCES, OR PASTE describe/show CLI OUTPUT] State backend: [BACKEND] </context> <task> Help me codify this click-ops infrastructure into Terraform. 1. Produce the Terraform resource blocks that match what I described. 2. List the exact 'terraform import' commands to adopt the existing resources without recreating them. 3. Flag any settings I likely forgot to mention (defaults the console set silently). 4. Warn me about any resource that import does not support cleanly. Give me the import commands in the safe order to run them. </task>

<context> Cloud: [CLOUD] Environments: [dev, staging, prod] Team size: [SMALL / MEDIUM / LARGE] Current pain: [COPY-PASTED FOLDERS / DRIFT / SLOW APPLIES] </context> <task> Recommend a Terraform repo structure for multiple environments. 1. Compare workspaces vs directory-per-env vs Terragrunt for our team size and pick one. 2. Show the resulting folder tree. 3. Explain how shared modules, per-env variables, and state are separated. 4. Describe the apply workflow (who runs what, in what order) and how prod is protected. Justify the trade-offs — do not just give the most popular answer. </task>

<context> Terraform plan output (paste): [PASTE FULL terraform plan OUTPUT] Change I intended: [WHAT I MEANT TO CHANGE] </context> <task> Explain this plan in plain language before I apply. 1. Summarize every create, update, and especially destroy/replace in one line each. 2. Flag any resource being replaced (destroyed and recreated) and what data loss or downtime that risks. 3. Tell me whether the plan matches my stated intent or if there is unexpected drift. 4. Give a go / no-go recommendation with reasoning. Highlight destructive changes in bold at the top. </task>

<context> App: [LANGUAGE + FRAMEWORK + VERSION] Build step: [e.g. npm run build / go build / pip install] Runtime port: [PORT] Constraints: [SMALL IMAGE / NON-ROOT REQUIRED / DISTROLESS] </context> <task> Write an optimized, secure Dockerfile for this app. 1. Use a multi-stage build to keep the final image minimal. 2. Run as a non-root user and set a read-only filesystem where possible. 3. Order layers for maximum cache reuse (dependencies before source). 4. Add a HEALTHCHECK and pin the base image to a digest, not a floating tag. 5. Document the final image size estimate and what each stage does. Output the Dockerfile, a matching .dockerignore, and the build command. </task>

<context> Service: [NAME + RUNTIME] Image: [REGISTRY/IMAGE:TAG] Replicas: [NUMBER] Resource needs: [CPU/MEM REQUESTS + LIMITS, or unknown] Exposure: [INTERNAL / PUBLIC VIA INGRESS] Config source: [CONFIGMAP / SECRET / ENV] </context> <task> Generate complete Kubernetes manifests for this service. 1. Deployment with resource requests/limits, liveness and readiness probes. 2. Service and (if public) an Ingress with the correct annotations. 3. ConfigMap and Secret references — never inline secret values. 4. A PodDisruptionBudget and an HPA based on CPU/memory. 5. securityContext: non-root, drop all capabilities, read-only root FS. Output each manifest separately and note any value I should tune. </task>

<context> Symptom: [CrashLoopBackOff / ImagePullBackOff / OOMKilled / Pending] kubectl describe output (paste): [PASTE kubectl describe pod OUTPUT] Logs (paste): [PASTE kubectl logs --previous OUTPUT] </context> <task> Diagnose why this pod is not running. 1. State the single most likely cause, quoting the events or log line that proves it. 2. Give the exact kubectl commands to confirm the diagnosis. 3. Provide the fix — manifest change, resource bump, or image correction — as a diff. 4. If it is OOMKilled or resource-related, recommend specific requests/limits. No generic checklists — diagnose from the pasted output. </task>

<context> Workload: [SERVICE NAME] Observed usage (paste from metrics): [PASTE kubectl top / PROMETHEUS p95 CPU & MEM] Current requests/limits: [VALUES OR none] Goal: [STABILITY / DENSITY / COST] </context> <task> Right-size this workload's resources. 1. Recommend requests and limits from the observed p95/p99 usage, with headroom. 2. Explain the QoS class the result lands in and whether that fits the goal. 3. Flag if limits risk CPU throttling or OOM kills. 4. Suggest whether an HPA or VPA is the better autoscaler here. Show the resources block ready to paste into the manifest. </task>

<context> Tooling: [HELM / KUSTOMIZE] Base service: [DESCRIBE OR PASTE EXISTING MANIFESTS] Environments needing overrides: [dev, staging, prod] Values that differ per env: [REPLICAS, IMAGE TAG, RESOURCES, INGRESS HOST] </context> <task> Templatize this service for multiple environments. 1. For Helm: produce Chart.yaml, values.yaml, and templated manifests with the per-env values exposed. 2. For Kustomize: produce a base plus one overlay per environment with patches. 3. Keep secrets out of values — reference an external secret source. 4. Show the install/apply command for each environment. Use the tool I named and explain any non-obvious templating choice. </task>