TESTED

AI Coding Assistant for Docker & DevOps Automation

Can an AI coding assistant handle Docker and DevOps work? I tested it on writing Dockerfiles, setting up CI/CD pipelines, generating docker-compose configs, and writing Kubernetes manifests. Here's what the AI got right, where it stumbled, and the exact prompts that produced usable output.

FreeLast tested: 2026-07-02Audience: DevOps engineers, developers

Why DevOps Is a Natural Fit for AI Coding Assistants

DevOps configuration files — Dockerfiles, CI/CD pipelines, Kubernetes manifests — are highly repetitive and follow well-documented patterns. An AI coding assistant trained on millions of public repositories has seen countless Dockerfile examples, GitHub Actions YAML files, and docker-compose templates. This makes DevOps one of the highest-ROI use cases for AI-assisted development.

Unlike application business logic, where the AI needs deep context about your specific codebase, infrastructure files are largely self-contained. A one-shot prompt with your requirements (base image, dependencies, ports) is often enough to produce a working Dockerfile on the first try.

We tested three AI coding assistants — Claude Code, Cursor, and GitHub Copilot — on four common DevOps tasks. The results were consistent across all three, with minor differences in output formatting.

Dockerfile Generation from Scratch

We started with the most common task: generating a production-ready Dockerfile for a Python FastAPI application with PostgreSQL dependencies.

The prompt we used:

Write a production-grade multi-stage Dockerfile for a Python FastAPI app. Requirements: - Base: python:3.12-slim - Dependencies: fastapi, uvicorn, sqlalchemy, asyncpg, pydantic - Build stage: install build dependencies (gcc, libpq-dev), pip install, then copy only runtime deps - Runtime stage: use non-root user, expose port 8000, health check every 30s - Include docker-compose.yml with PostgreSQL 16 and a volume for data persistence

The AI returned a solid multi-stage build with correct caching layers. The docker-compose file included a separate service for PostgreSQL with a named volume — no manual edits needed to get docker compose up running. The only miss: it omitted the --no-cache-dir flag in pip install, a minor hygiene issue.

Verdict: Dockerfile generation is the strongest use case. 9 out of 10 one-shot prompts produced a buildable image.

CI/CD Pipeline with GitHub Actions

Next we asked the AI to generate a CI/CD pipeline for a monorepo with a Python backend and a React frontend, including linting, testing, building, and deploying to a VPS via SSH.

Write a GitHub Actions workflow for a monorepo with: - Python backend (FastAPI) + React frontend in /frontend - On push to main: run lint (ruff, eslint), run tests (pytest, vitest) - On success: build Docker images, push to Docker Hub, deploy via SSH - On PR: only lint and test, skip deploy - Cache pip and node_modules between runs

The output was a complete .github/workflows/deploy.yml with four jobs split across a dependency graph. Caching was correctly configured with actions/cache for both pip and npm. The SSH deploy step used appleboy/ssh-action with the right parameters. One issue: the AI assumed Docker Hub credentials were pre-configured as secrets without specifying which secret names to use — a small gap we had to fill in manually.

Verdict: Strong for standard CI/CD patterns. The AI knows the common action ecosystem well. For non-standard deployment targets (e.g., custom rsync scripts), expect more manual editing.

Kubernetes Manifests — Mixed Results

Kubernetes manifests proved to be the hardest category. We asked for a Deployment + Service + Ingress for the same FastAPI app, plus a ConfigMap for environment variables.

Generate Kubernetes manifests for a FastAPI app: - Deployment: 3 replicas, resource limits (512Mi RAM, 500m CPU), rolling update - Service: ClusterIP on port 80, targeting container port 8000 - Ingress: path-based routing for api.example.com, TLS with cert-manager - ConfigMap: DATABASE_URL, REDIS_URL, LOG_LEVEL=info

The AI produced syntactically correct YAML that passed kubectl apply --dry-run=client. The Ingress manifest used networking.k8s.io/v1 (correct for modern clusters) and included proper TLS configuration. However, the resource limits were too conservative — 512Mi RAM is adequate for development but tight for production FastAPI with PostgreSQL connection pooling. The readiness probe was also missing; the AI only generated a liveness probe.

TaskFirst-Shot QualityManual Edits Needed
DockerfileExcellent0–1 minor edits
docker-composeExcellent0 edits typical
CI/CD pipelineGood1–2 edits (secrets naming, branch filters)
Kubernetes manifestsModerate2–4 edits (probes, resource tuning, labels)

Verdict: Kubernetes is the weakest area. The AI knows the syntax but misses production-hardening details. Use it as a starting point, not a finished artifact.

Prompt Patterns That Work

Through testing, we found three prompt patterns that consistently produced better DevOps output:

1. Specify the Exact Base Image and Version

Without a pinned version, the AI defaults to latest (e.g., node:latest), which breaks reproducibility. Always include the specific tag.

# Instead of: Write a Dockerfile for a Node.js app # Write: Write a Dockerfile for a Node.js 22 Alpine app with pnpm

2. Ask for Production Hardening

The default output skips non-root users, health checks, and resource limits unless explicitly requested. Add a "production-grade" qualifier.

3. Request Multi-File Output in One Prompt

The AI produces more consistent results when you ask for Dockerfile + docker-compose + .dockerignore together in a single prompt, because it cross-references service names and port mappings.

Limits and Notes

The AI excels at generating fresh config files from a clear spec, but struggles with modifying existing complex setups. If your docker-compose.yml already has 12 services with custom networks and volume mounts, asking the AI to "add a Redis cache service" produces output that doesn't integrate cleanly. You're better off writing the integration yourself or providing the full file context in the prompt.

Security is another gap. The AI never suggests Docker Content Trust, image signing, or vulnerability scanning in CI. These are things you have to add yourself. Treat the generated output as a first draft that needs a security review before hitting production.