In this lab, you will learn how to create a simple "Hello World" container using Podman, push it to Amazon Elastic Container Registry (ECR), and deploy it to Amazon Elastic Kubernetes Service (EKS).
Ensure you have the following prerequisites in place before starting the lab:
- AWS CLI configured with necessary permissions.
- Podman installed on your Ubuntu system.
kubectlandeksctlinstalled and configured.- An existing Amazon EKS cluster with worker nodes.
- AWS account ready to use.
Create a new directory for the project:
mkdir hello-world-podman
cd hello-world-podmanCreate a Dockerfile in the project directory:
FROM python:3.8-slim
WORKDIR /app
COPY hello.py /app/hello.py
CMD ["python", "hello.py"]Create a simple Python script named hello.py:
print("Hello, World!")Create a variable for your container repository name to minimize conflicts:
PODMAN_REPO="hello-world-app-<yourname>"
export PODMAN_REPO
echo $PODMAN_REPOBuild the Podman image:
podman build -t $PODMAN_REPO .Verify the Podman image:
podman imagesYou should see $PODMAN_REPO listed among the Podman images.
Create an ECR repository:
ECR_REPO="hello-world-app-<yourname>"
export ECR_REPO
echo $ECR_REPOCreate an environment variable for the AWS account:
AWS_ACCOUNT_ID="<aws-account-id>"
export AWS_ACCOUNT_ID
echo $AWS_ACCOUNT_IDCreate the ECR repository:
aws ecr create-repository --repository-name $ECR_REPOVerify the repository exists:
aws ecr describe-repositoriesLog in to ECR:
AWS_REGION="ap-southeast-1"
export AWS_REGION
echo $AWS_REGIONGet the password for ECR and log in:
aws ecr get-login-password --region $AWS_REGION | podman login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.comIf successful, you should see:
Login Succeeded
Tag the Podman image for ECR:
podman tag $ECR_REPO:latest $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$ECR_REPO:latestPush the Podman image to ECR:
podman push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$ECR_REPO:latestCreate a variable for your EKS cluster:
EKS_CLUSTER="eks-cluster-<yourname>"
export EKS_CLUSTER
echo $EKS_CLUSTERUpdate your kubectl configuration to access the EKS cluster:
aws eks update-kubeconfig --region ap-southeast-1 --name apper-ckad-prep-cluster-2025Verify access to the cluster:
kubectl get nodesYou should see a list of worker nodes in your EKS cluster.
Create a file named hello-world-deployment.yaml:
apiVersion: apps/v1
kind: Deployment
metadata:
name: hello-world-deployment-<yourname>
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: hello-world
template:
metadata:
labels:
app: hello-world
spec:
containers:
- name: hello-world-container
image: <aws-account-id>.dkr.ecr.ap-southeast-1.amazonaws.com/hello-world-app-<yourname>:latest
resources:
limits:
cpu: "256m"
memory: "512Mi"
requests:
cpu: "128m"
memory: "256Mi"Note: Replace
<aws-account-id>and<yourname>with your AWS account ID and unique identifier, respectively.
Apply the deployment to your EKS cluster:
kubectl apply -f hello-world-deployment.yamlVerify the deployment:
kubectl get deploymentsCheck the pods to ensure they are running:
kubectl get podsTo access the "Hello World" application, create a service to expose the deployment. Create a file named hello-world-service.yaml:
apiVersion: v1
kind: Service
metadata:
name: hello-world-service-<yourname>
namespace: default
spec:
selector:
app: hello-world
ports:
- protocol: TCP
port: 80
targetPort: 8080
type: LoadBalancerImportant: The basic
hello.pyscript prints "Hello, World!" and exits, so it’s not a long-running server listening on a port like 8080. For this service to work, modifyhello.pyto include an HTTP server, such as:
from http.server import BaseHTTPRequestHandler, HTTPServer
class HelloWorldHandler(BaseHTTPRequestHandler):
def do_GET(self):
self.send_response(200)
self.send_header('Content-type', 'text/plain')
self.end_headers()
self.wfile.write(b'Hello, World!')
if __name__ == '__main__':
server = HTTPServer(('0.0.0.0', 8080), HelloWorldHandler)
print('Server running on port 8080...')
server.serve_forever()If you use the HTTP server version, rebuild and push the image (repeat Step 2 and Step 3), then apply the service:
kubectl apply -f hello-world-service.yamlGet the service’s external endpoint:
kubectl get servicesLook for the EXTERNAL-IP or LoadBalancer Ingress address. Use curl or a browser to access it (e.g., curl <external-ip>). It may take a few minutes for the LoadBalancer to provision.
To verify the "Hello, World!" output, check the pod logs:
POD_NAME=$(kubectl get pods -l app=hello-world -o jsonpath="{.items[0].metadata.name}")
kubectl logs $POD_NAMEYou should see the "Hello, World!" output in the logs. If you used the HTTP server version, you might see server startup messages instead.
- Verify the deployment is running:
kubectl get deployments- Verify the pods are running:
kubectl get pods- If you created a service, verify the service is accessible:
kubectl get services- Check the pod logs to confirm the "Hello, World!" output:
kubectl logs $POD_NAMEIf you used the HTTP server version, access the service’s external IP with curl or a browser to see the "Hello, World!" response.
To clean up resources, delete the deployment and service:
kubectl delete -f hello-world-deployment.yaml
kubectl delete -f hello-world-service.yamlDelete the ECR repository:
aws ecr delete-repository --repository-name $ECR_REPO --force