diff --git a/docs/learn/1007-kubernetes.md b/docs/learn/1007-kubernetes.md
index 9343c123..ae30ac8e 100644
--- a/docs/learn/1007-kubernetes.md
+++ b/docs/learn/1007-kubernetes.md
@@ -749,52 +749,7 @@ todoApp: {
   </TabItem>
   <TabItem value="eks">
 
-```cue title="todoapp/kube/todoapp.cue"
-package main
-
-import (
-  "alpha.dagger.io/dagger"
-  "alpha.dagger.io/docker"
-  "alpha.dagger.io/kubernetes"
-)
-
-// input: source code repository, must contain a Dockerfile
-// set with `dagger input dir repository . -e kube`
-repository: dagger.#Artifact & dagger.#Input
-
-// ECR registry to push images to
-registry: string & dagger.#Input
-tag:      "test-ecr"
-
-// Todoapp deployment pipeline
-todoApp: {
-  // Build the image from repositoru artifact
-  image: docker.#Build & {
-    source: repository
-  }
-
-  // Push image to registry
-  remoteImage: docker.#Push & {
-    target: "\(registry):\(tag)"
-    source: image
-    auth: {
-      username: ecrCreds.username
-      secret:   ecrCreds.secret
-    }
-  }
-
-  // Generate deployment manifest
-  deployment: #AppManifest & {
-    name:  "todoapp"
-    image: remoteImage.ref
-  }
-
-  // Deploy the customized manifest to a kubernetes cluster
-  kubeSrc: kubernetes.#Resources & {
-    "kubeconfig": kubeconfig
-    manifest:     deployment.manifest
-  }
-}
+```cue file=tests/kube-aws/cue-manifest/todoapp.cue title="todoapp/kube/todoapp.cue"
 ```
 
   </TabItem>
diff --git a/docs/learn/tests/.dagger/env/kube-aws-cue-manifest/.gitignore b/docs/learn/tests/.dagger/env/kube-aws-cue-manifest/.gitignore
new file mode 100644
index 00000000..01ec19b0
--- /dev/null
+++ b/docs/learn/tests/.dagger/env/kube-aws-cue-manifest/.gitignore
@@ -0,0 +1,2 @@
+# dagger state
+state/**
diff --git a/docs/learn/tests/.dagger/env/kube-aws-cue-manifest/values.yaml b/docs/learn/tests/.dagger/env/kube-aws-cue-manifest/values.yaml
new file mode 100644
index 00000000..0c73e6d2
--- /dev/null
+++ b/docs/learn/tests/.dagger/env/kube-aws-cue-manifest/values.yaml
@@ -0,0 +1,32 @@
+plan:
+    package: ./kube-aws/cue-manifest/test
+name: kube-aws-cue-manifest
+inputs:
+    awsConfig.accessKey:
+        secret: ENC[AES256_GCM,data:8R6jJAqkACa/ydy52etCUA+7cWg=,iv:74nd15ckbDG3dTWL8fCMU0FGrCuBqjgIbYWq+h/UBKQ=,tag:zwZruKi+4zI2tS2F2wJ8NQ==,type:str]
+    awsConfig.region:
+        text: us-east-2
+    awsConfig.secretKey:
+        secret: ENC[AES256_GCM,data:8FNwXL/yDFfPR9YUqKanI6CpDMl0/Ww8Pmgy4ol1n4KDpBRJAsOrZA==,iv:Y6ak40j4yXnpa8BY3BfALmlcD16DrkjcAr2hiM7cots=,tag:69qocIvAajjdQUpl1M1jXw==,type:str]
+    eksConfig.clusterName:
+        text: dagger-example-eks-cluster
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKTXl1TDJ3cituU3NicnFR
+            Tm0wTjducEdPL0FyWHBqcmEwV01aUmNsc0RBCjlNNGIxOTZBaElMRFZ1bjh4dWc1
+            REJqcy9UMkVBVnFDOHZPYkt3S1NYSU0KLS0tIGFwZVlLMGNINmZzdURDbnY1RStI
+            S25tM1I0ZWp1MndzNFNhcHRiQUdpME0K91dMEF9zxHjAtMEryPKiM+hMJ5OiKGPK
+            aWSQVu06LLBFW5txr+U55WlCGPL484xjw1/Axd3ADq0I9AjnuB3aAQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2021-08-16T21:24:58Z"
+    mac: ENC[AES256_GCM,data:rVdRHU252Dsp4YTofv3v3L5k/W0d09LEENHCEFrjSnTOuibIBWi/7nVADlBBx8PEfhofHTHIEtnIg6dtVaOlIBAd9Co/wljoaU5mVGNdWuQOpN7ttGlG9BHXDR96+Gvp0hT0lY9hK3LKPBcxzzXizFGiaPGqkaPfj8Sxg42eqMA=,iv:76wENP19U76rW24A0QNLue2cZnWosMieveUqHyLFSpo=,tag:pAvNkVcFYIed3Q/ldMcYyg==,type:str]
+    pgp: []
+    encrypted_suffix: secret
+    version: 3.7.1
diff --git a/docs/learn/tests/doc.bats b/docs/learn/tests/doc.bats
index 6ec13d77..4078eb99 100644
--- a/docs/learn/tests/doc.bats
+++ b/docs/learn/tests/doc.bats
@@ -146,6 +146,11 @@ setup() {
   # Up deployment
   dagger -w "$DAGGER_SANDBOX" -e kube-aws-deployment up
   #################### CUE MANIFEST ####################
+  # Copy deployment to sandbox
+  copy_to_sandbox kube-aws-cue-manifest kube-aws
+
+  # Up deployment
+  dagger -w "$DAGGER_SANDBOX" -e kube-aws-cue-manifest up
 }
 
 @test "doc-1008-aws-cloudformation" {
diff --git a/docs/learn/tests/kube-aws/cue-manifest/config.cue b/docs/learn/tests/kube-aws/cue-manifest/config.cue
new file mode 100644
index 00000000..568ad9eb
--- /dev/null
+++ b/docs/learn/tests/kube-aws/cue-manifest/config.cue
@@ -0,0 +1,25 @@
+package main
+
+import (
+	"alpha.dagger.io/aws"
+	"alpha.dagger.io/aws/eks"
+	"alpha.dagger.io/aws/ecr"
+)
+
+// Value created for generic reference of `kubeconfig` in `todoapp.cue`
+kubeconfig: eksConfig.kubeconfig
+
+// awsConfig for Amazon connection
+awsConfig: aws.#Config
+
+// eksConfig used for deployment
+eksConfig: eks.#KubeConfig & {
+	// config field references `awsConfig` value to set in once
+	config: awsConfig
+}
+
+// ecrCreds used for remote image push
+ecrCreds: ecr.#Credentials & {
+	// config field references `awsConfig` value to set in once
+	config: awsConfig
+}
diff --git a/docs/learn/tests/kube-aws/cue-manifest/deployment.cue b/docs/learn/tests/kube-aws/cue-manifest/deployment.cue
new file mode 100644
index 00000000..88d7b800
--- /dev/null
+++ b/docs/learn/tests/kube-aws/cue-manifest/deployment.cue
@@ -0,0 +1,43 @@
+package main
+
+// Deployment template containing all the common boilerplate shared by
+// deployments of this application.
+#Deployment: {
+	// Name of the deployment. This will be used to label resources automatically
+	// and generate selectors.
+	name: string
+
+	// Container image.
+	image: string
+
+	// 80 is the default port.
+	port: *80 | int
+
+	// 1 is the default, but we allow any number.
+	replicas: *1 | int
+
+	// Deployment manifest. Uses the name, image, port and replicas above to
+	// generate the resource manifest.
+	manifest: {
+		apiVersion: "apps/v1"
+		kind:       "Deployment"
+		metadata: {
+			"name": name
+			labels: app: name
+		}
+		spec: {
+			"replicas": replicas
+			selector: matchLabels: app: name
+			template: {
+				metadata: labels: app: name
+				spec: containers: [{
+					"name":  name
+					"image": image
+					ports: [{
+						containerPort: port
+					}]
+				}]
+			}
+		}
+	}
+}
diff --git a/docs/learn/tests/kube-aws/cue-manifest/input.cue b/docs/learn/tests/kube-aws/cue-manifest/input.cue
new file mode 100644
index 00000000..1e21ec3d
--- /dev/null
+++ b/docs/learn/tests/kube-aws/cue-manifest/input.cue
@@ -0,0 +1,13 @@
+package main
+
+import (
+	"alpha.dagger.io/git"
+)
+
+repository: git.#Repository & {
+	remote: "https://github.com/dagger/examples.git"
+	ref:    "main"
+	subdir: "todoapp"
+}
+
+registry: "125635003186.dkr.ecr.\(awsConfig.region).amazonaws.com/dagger-ci"
diff --git a/docs/learn/tests/kube-aws/cue-manifest/manifest.cue b/docs/learn/tests/kube-aws/cue-manifest/manifest.cue
new file mode 100644
index 00000000..df4ff0d9
--- /dev/null
+++ b/docs/learn/tests/kube-aws/cue-manifest/manifest.cue
@@ -0,0 +1,29 @@
+package main
+
+import (
+	"encoding/yaml"
+)
+
+// Define and generate kubernetes deployment to deploy to kubernetes cluster
+#AppManifest: {
+	// Name of the application
+	name: string
+
+	// Image to deploy to
+	image: string
+
+	// Define a kubernetes deployment object
+	deployment: #Deployment & {
+		"name":  name
+		"image": image
+	}
+
+	// Define a kubernetes service object
+	service: #Service & {
+		"name": name
+		ports: http: deployment.port
+	}
+
+	// Merge definitions and convert them back from CUE to YAML
+	manifest: yaml.MarshalStream([deployment.manifest, service.manifest])
+}
diff --git a/docs/learn/tests/kube-aws/cue-manifest/service.cue b/docs/learn/tests/kube-aws/cue-manifest/service.cue
new file mode 100644
index 00000000..8c5dc957
--- /dev/null
+++ b/docs/learn/tests/kube-aws/cue-manifest/service.cue
@@ -0,0 +1,36 @@
+package main
+
+// Service template containing all the common boilerplate shared by
+// services of this application.
+#Service: {
+	// Name of the service. This will be used to label resources automatically
+	// and generate selector.
+	name: string
+
+	// NodePort is the default service type.
+	type: *"NodePort" | "LoadBalancer" | "ClusterIP" | "ExternalName"
+
+	// Ports where the service should listen
+	ports: [string]: number
+
+	// Service manifest. Uses the name, type and ports above to
+	// generate the resource manifest.
+	manifest: {
+		apiVersion: "v1"
+		kind:       "Service"
+		metadata: {
+			"name": "\(name)-service"
+			labels: app: name
+		}
+		spec: {
+			"type": type
+			"ports": [
+				for k, v in ports {
+					name: k
+					port: v
+				},
+			]
+			selector: app: name
+		}
+	}
+}
diff --git a/docs/learn/tests/kube-aws/cue-manifest/test/test.cue b/docs/learn/tests/kube-aws/cue-manifest/test/test.cue
new file mode 100644
index 00000000..82f2fb40
--- /dev/null
+++ b/docs/learn/tests/kube-aws/cue-manifest/test/test.cue
@@ -0,0 +1,66 @@
+package main
+
+import (
+	"alpha.dagger.io/dagger/op"
+	"alpha.dagger.io/kubernetes"
+)
+
+TestEks: {
+	#_GetDeployment: """
+			kubectl describe deployment todoapp | grep 'True'
+		"""
+
+	#_DeleteDeployment: """
+			kubectl delete deployment todoapp
+			kubectl delete service todoapp-service
+		"""
+
+	#up: [
+		op.#Load & {
+			from: kubernetes.#Kubectl
+		},
+
+		op.#WriteFile & {
+			dest:    "/kubeconfig"
+			content: todoApp.kubeSrc.kubeconfig
+		},
+
+		op.#WriteFile & {
+			dest:    "/getPods.sh"
+			content: #_GetDeployment
+		},
+
+		op.#WriteFile & {
+			dest:    "/deletePods.sh"
+			content: #_DeleteDeployment
+		},
+
+		// Get pods
+		op.#Exec & {
+			always: true
+			args: [
+				"/bin/bash",
+				"--noprofile",
+				"--norc",
+				"-eo",
+				"pipefail",
+				"/getPods.sh",
+			]
+			env: KUBECONFIG: "/kubeconfig"
+		},
+
+		// Delete pods
+		op.#Exec & {
+			always: true
+			args: [
+				"/bin/bash",
+				"--noprofile",
+				"--norc",
+				"-eo",
+				"pipefail",
+				"/deletePods.sh",
+			]
+			env: KUBECONFIG: "/kubeconfig"
+		},
+	]
+}
diff --git a/docs/learn/tests/kube-aws/cue-manifest/todoapp.cue b/docs/learn/tests/kube-aws/cue-manifest/todoapp.cue
new file mode 100644
index 00000000..acd1b847
--- /dev/null
+++ b/docs/learn/tests/kube-aws/cue-manifest/todoapp.cue
@@ -0,0 +1,45 @@
+package main
+
+import (
+	"alpha.dagger.io/dagger"
+	"alpha.dagger.io/docker"
+	"alpha.dagger.io/kubernetes"
+)
+
+// input: source code repository, must contain a Dockerfile
+// set with `dagger input dir repository . -e kube`
+repository: dagger.#Artifact & dagger.#Input
+
+// ECR registry to push images to
+registry: string & dagger.#Input
+tag:      "test-ecr"
+
+// Todoapp deployment pipeline
+todoApp: {
+	// Build the image from repositoru artifact
+	image: docker.#Build & {
+		source: repository
+	}
+
+	// Push image to registry
+	remoteImage: docker.#Push & {
+		target: "\(registry):\(tag)"
+		source: image
+		auth: {
+			username: ecrCreds.username
+			secret:   ecrCreds.secret
+		}
+	}
+
+	// Generate deployment manifest
+	deployment: #AppManifest & {
+		name:  "todoapp"
+		image: remoteImage.ref
+	}
+
+	// Deploy the customized manifest to a kubernetes cluster 
+	kubeSrc: kubernetes.#Resources & {
+		"kubeconfig": kubeconfig
+		manifest:     deployment.manifest
+	}
+}
diff --git a/docs/learn/tests/kube-aws/deployment/test/test.cue b/docs/learn/tests/kube-aws/deployment/test/test.cue
index 7e5fcecb..82f2fb40 100644
--- a/docs/learn/tests/kube-aws/deployment/test/test.cue
+++ b/docs/learn/tests/kube-aws/deployment/test/test.cue
@@ -22,7 +22,7 @@ TestEks: {
 
 		op.#WriteFile & {
 			dest:    "/kubeconfig"
-			content: todoApp.kubeconfig
+			content: todoApp.kubeSrc.kubeconfig
 		},
 
 		op.#WriteFile & {