
cdk8s Construct Library Design Prompt

Design a reusable cdk8s construct library that turns raw Kubernetes manifests into typed, composable building blocks with sane defaults and validation.

Target user: Platform engineers building internal Kubernetes abstractions with cdk8s
Difficulty: Advanced
Tools: Claude, ChatGPT, Cursor

The prompt

You are a senior platform engineer who designs cdk8s construct libraries that hundreds of
application teams consume to ship to Kubernetes without writing raw YAML.

I will provide:
- The workload archetype I want to model (e.g. [STATELESS WEB SERVICE / CRON BATCH JOB / STATEFUL DATABASE]).
- The Kubernetes objects it must emit (Deployment, Service, HPA, PDB, NetworkPolicy, ServiceMonitor, etc.).
- Our org defaults (resource requests, security context, labels, [REGISTRY], [DOMAIN]).
- The language: [TYPESCRIPT / PYTHON / GO].

Your job:

1. **Define the public props interface** — a single typed `Props` object with required vs optional
   fields, doc comments, and defaults applied in the constructor. No leaking of raw k8s types where
   a friendlier enum or union will do.
2. **Compose, don't inherit** — build the construct from smaller constructs (one per k8s object) so
   consumers can override a child without forking the parent.
3. **Bake in guardrails** — non-root securityContext, resource requests/limits, a PodDisruptionBudget,
   and `readOnlyRootFilesystem` by default; make opting out explicit and noisy.
4. **Validate early** — add constructor-time checks (e.g. replicas > 1 in prod, image not `:latest`)
   that throw with a clear message instead of producing a broken manifest.
5. **Label and annotate consistently** — apply a shared label set (app, team, version, managed-by) via
   a helper so every emitted object is queryable.
6. **Show synth output** — render the YAML this construct produces for a minimal and a full example.

Output as: (a) the construct source with inline comments, (b) a usage example instantiating it,
(c) the synthesized YAML, (d) a short list of the guardrails that are on by default and how to override them.

Do not apply anything. Treat this as library code to be reviewed, unit-tested, and version-pinned before teams depend on it.

Why this prompt works

cdk8s is seductive because it lets you generate Kubernetes manifests with a real programming language, but most teams stop at “I replaced YAML with TypeScript that looks like YAML.” The value only appears when you build constructs — typed, opinionated components that encode your org’s defaults so an app team writes ten lines and gets a Deployment, Service, HPA, PDB, and NetworkPolicy that already pass policy review. This prompt forces that altitude shift by asking for a public props interface and composition rather than a thin wrapper around raw objects.

The guardrails section is where the prompt earns its keep. Left to their own devices, application teams ship containers as root with no resource limits and image tags pinned to :latest. By instructing the model to make those defaults secure and the opt-outs explicit and noisy, you turn the library into a paved road: doing the right thing is the default, and doing the risky thing requires a visible, reviewable override. The constructor-time validation does the same job earlier in the loop — a thrown error at synth time is cheaper than a rejected admission webhook or, worse, a 2 a.m. page.
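The constructor-time checks and noisy opt-outs described above can be sketched as follows. This is an added example, not output from the prompt or code from cdk8s: it is plain TypeScript with no cdk8s import, and the names `WebServiceProps`, `resolveWebService`, `unsafe` and the `platform.example/` annotation prefix are assumptions made for illustration.

```typescript
// Added example: plain TypeScript, no cdk8s import. All names are hypothetical.
interface WebServiceProps {
  name: string;
  image: string;
  environment: "dev" | "prod";
  replicas?: number; // default 2
  // Opt-outs require a written reason, which is surfaced in the output.
  unsafe?: { runAsRoot?: string; writableRootFilesystem?: string };
}

interface ResolvedWebService {
  replicas: number;
  securityContext: { runAsNonRoot: boolean; readOnlyRootFilesystem: boolean };
  annotations: { [key: string]: string };
  warnings: string[];
}

// Returns the tag, "" when none is given (runtime pulls :latest), or "@digest" when digest-pinned.
function imageTag(image: string): string {
  if (image.indexOf("@sha256:") !== -1) return "@digest";
  // Only look after the last "/" so a registry port (host:5000/app) is not read as a tag.
  const last = image.slice(image.lastIndexOf("/") + 1);
  const colon = last.indexOf(":");
  return colon === -1 ? "" : last.slice(colon + 1);
}

function resolveWebService(props: WebServiceProps): ResolvedWebService {
  const errors: string[] = [];
  const replicas = props.replicas ?? 2;
  const tag = imageTag(props.image);
  if (tag === "" || tag === "latest") errors.push(`image "${props.image}" must pin a tag or digest, not :latest`);
  if (replicas < 1 || Math.floor(replicas) !== replicas) errors.push("replicas must be a positive integer");
  else if (props.environment === "prod" && replicas < 2) errors.push("prod requires replicas > 1");
  const annotations: { [key: string]: string } = {};
  const warnings: string[] = [];
  const optOut = (key: string, reason: string | undefined): boolean => {
    if (reason === undefined) return false;
    if (reason.trim() === "") { errors.push(`unsafe.${key} needs a non-empty reason`); return false; }
    annotations[`platform.example/unsafe-${key}`] = reason; // visible in the synthesized manifest
    warnings.push(`${props.name}: guardrail disabled (${key}): ${reason}`);
    return true;
  };
  const root = optOut("runAsRoot", props.unsafe?.runAsRoot);
  const writable = optOut("writableRootFilesystem", props.unsafe?.writableRootFilesystem);
  // Fail at construction time with every problem listed, before any manifest exists.
  if (errors.length > 0) throw new Error(`${props.name}: ${errors.join("; ")}`);
  return { replicas, securityContext: { runAsNonRoot: !root, readOnlyRootFilesystem: !writable }, annotations, warnings };
}
```

In a real construct the same function would run inside the constructor, and the returned annotations would be applied to the emitted Deployment so reviewers and policy tooling can find every opt-out.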

Treat the output as library code, not a deploy. The closing instruction to never apply and to version-pin matters because a construct library is shared blast radius: a sloppy default change ripples to every consumer on their next synth. Pairing this with the Jsonnet and Tanka and Helm generator prompts lets you compare the three dominant manifest-generation approaches before committing your platform to one.
