diff --git a/GNUmakefile b/GNUmakefile
index 660de6637c..4f2e07573d 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -33,6 +33,18 @@ depscheck:
 	@git diff --exit-code -- vendor || \
 		(echo; echo "Unexpected difference in vendor/ directory. Run 'go mod vendor' command or revert any go.mod/go.sum/vendor changes and commit."; exit 1)
 
+examples-lint: tools
+	@echo "==> Checking _examples dir formatting..."
+	@./scripts/fmt-examples.sh || (echo; \
+		echo "Terraform formatting errors found in _examples dir."; \
+		echo "To see the full differences, run: ./scripts/fmt-examples.sh diff"; \
+		echo "To automatically fix the formatting, run 'make examples-lint-fix' and commit the changes."; \
+		exit 1)
+
+examples-lint-fix: tools
+	@echo "==> Fixing terraform formatting of _examples dir..."
+	@./scripts/fmt-examples.sh fix
+
 fmt:
 	gofmt -w $(GOFMT_FILES)
 
diff --git a/_examples/aks/README.md b/_examples/aks/README.md
new file mode 100644
index 0000000000..5340fcc574
--- /dev/null
+++ b/_examples/aks/README.md
@@ -0,0 +1,60 @@
+# AKS (Azure Kubernetes Service)
+
+This example shows how to use the Terraform Kubernetes Provider and Terraform Helm Provider to configure an AKS cluster. The example config in this directory builds the AKS cluster and applies the Kubernetes configurations in a single operation. This guide will also show you how to make changes to the underlying AKS cluster in such a way that Kuberntes/Helm resources are recreated after the underlying cluster is replaced.
+
+You will need the following environment variables to be set:
+
+  - `ARM_SUBSCRIPTION_ID`
+  - `ARM_TENANT_ID`
+  - `ARM_CLIENT_ID`
+  - `ARM_CLIENT_SECRET`
+
+Ensure that `KUBE_CONFIG_FILE` and `KUBE_CONFIG_FILES` environment variables are NOT set, as they will interfere with the cluster build.
+
+```
+unset KUBE_CONFIG_FILE
+unset KUBE_CONFIG_FILES
+```
+
+To install the AKS cluster using default values, run terraform init and apply from the directory containing this README.
+
+```
+terraform init
+terraform apply
+```
+
+## Kubeconfig for manual CLI access
+
+This example generates a kubeconfig file in the current working directory, which can be used for manual CLI access to the cluster.
+
+```
+export KUBECONFIG=$(terraform output -raw kubeconfig_path)
+kubectl get pods -n test
+```
+
+However, in a real-world scenario, this config file would have to be replaced periodically as the AKS client certificates eventually expire (see the [Azure documentation](https://docs.microsoft.com/en-us/azure/aks/certificate-rotation) for the exact expiry dates). If the certificates (or other authentication attributes) are replaced, run a targeted `terraform apply` to save the new credentials into state.
+
+```
+terraform plan -target=module.aks-cluster
+terraform apply -target=module.aks-cluster
+```
+
+Once the targeted apply is finished, the Kubernetes and Helm providers will be available for use again. Run `terraform apply` again (without targeting) to apply any updates to Kubernetes resources.
+
+```
+terraform plan
+terraform apply
+```
+
+This approach prevents the Kubernetes and Helm providers from attempting to use cached, invalid credentials, which would cause provider configuration errors durring the plan and apply phases.
+
+## Replacing the AKS cluster and re-creating the Kubernetes / Helm resources
+
+When the cluster is initially created, the Kubernetes and Helm providers will not be initialized until authentication details are created for the cluster. However, for future operations that may involve replacing the underlying cluster (for example, changing VM sizes), the AKS cluster will have to be targeted without the Kubernetes/Helm providers, as shown below. This is done by removing the `module.kubernetes-config` from Terraform State prior to replacing cluster credentials, to avoid passing outdated credentials into the providers.
+
+This will create the new cluster and the Kubernetes resources in a single apply.
+
+```
+terraform state rm module.kubernetes-config
+terraform apply
+```
diff --git a/_examples/aks/aks-cluster/main.tf b/_examples/aks/aks-cluster/main.tf
new file mode 100644
index 0000000000..1a0648910b
--- /dev/null
+++ b/_examples/aks/aks-cluster/main.tf
@@ -0,0 +1,27 @@
+resource "azurerm_resource_group" "test" {
+  name     = var.cluster_name
+  location = var.location
+}
+
+resource "azurerm_kubernetes_cluster" "test" {
+  name                = var.cluster_name
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+  dns_prefix          = var.cluster_name
+
+  default_node_pool {
+    name       = "default"
+    node_count = 1
+    vm_size    = "Standard_DS2_v2"
+  }
+
+  identity {
+    type = "SystemAssigned"
+  }
+}
+
+resource "local_file" "kubeconfig" {
+  content = azurerm_kubernetes_cluster.test.kube_config_raw
+  filename = "${path.root}/kubeconfig"
+}
+
diff --git a/_examples/aks/aks-cluster/output.tf b/_examples/aks/aks-cluster/output.tf
new file mode 100644
index 0000000000..9bb8518983
--- /dev/null
+++ b/_examples/aks/aks-cluster/output.tf
@@ -0,0 +1,15 @@
+output "client_cert" {
+  value = azurerm_kubernetes_cluster.test.kube_config.0.client_certificate
+}
+
+output "client_key" {
+  value = azurerm_kubernetes_cluster.test.kube_config.0.client_key
+}
+
+output "ca_cert" {
+  value = azurerm_kubernetes_cluster.test.kube_config.0.cluster_ca_certificate
+}
+
+output "endpoint" {
+  value = azurerm_kubernetes_cluster.test.kube_config.0.host
+}
diff --git a/_examples/aks/aks-cluster/variables.tf b/_examples/aks/aks-cluster/variables.tf
new file mode 100644
index 0000000000..0f37fe571c
--- /dev/null
+++ b/_examples/aks/aks-cluster/variables.tf
@@ -0,0 +1,15 @@
+variable "kubernetes_version" {
+  default = "1.18"
+}
+
+variable "workers_count" {
+  default = "3"
+}
+
+variable "cluster_name" {
+  type = string
+}
+
+variable "location" {
+  type = string
+}
diff --git a/_examples/aks/kubernetes-config/main.tf b/_examples/aks/kubernetes-config/main.tf
new file mode 100644
index 0000000000..3eeabc804d
--- /dev/null
+++ b/_examples/aks/kubernetes-config/main.tf
@@ -0,0 +1,56 @@
+resource "kubernetes_namespace" "test" {
+  metadata {
+    name = "test"
+  }
+}
+
+resource "kubernetes_deployment" "test" {
+  metadata {
+    name = "test"
+    namespace= kubernetes_namespace.test.metadata.0.name
+  }
+  spec {
+    replicas = 2
+    selector {
+      match_labels = {
+        app = "test"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          app  = "test"
+        }
+      }
+      spec {
+        container {
+          image = "nginx:1.19.4"
+          name  = "nginx"
+
+          resources {
+            limits = {
+              memory = "512M"
+              cpu = "1"
+            }
+            requests = {
+              memory = "256M"
+              cpu = "50m"
+            }
+          }
+        }
+      }
+    }
+  }
+}
+
+resource helm_release nginx_ingress {
+  name       = "nginx-ingress-controller"
+
+  repository = "https://charts.bitnami.com/bitnami"
+  chart      = "nginx-ingress-controller"
+
+  set {
+    name  = "service.type"
+    value = "ClusterIP"
+  }
+}
diff --git a/_examples/aks/kubernetes-config/variables.tf b/_examples/aks/kubernetes-config/variables.tf
new file mode 100644
index 0000000000..abbf86f798
--- /dev/null
+++ b/_examples/aks/kubernetes-config/variables.tf
@@ -0,0 +1,3 @@
+variable "cluster_name" {
+  type = string
+}
diff --git a/_examples/aks/main.tf b/_examples/aks/main.tf
new file mode 100644
index 0000000000..91e08dfaac
--- /dev/null
+++ b/_examples/aks/main.tf
@@ -0,0 +1,50 @@
+terraform {
+  required_providers {
+    kubernetes = {
+      source = "hashicorp/kubernetes"
+      version = ">= 2.0.0"
+    }
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "2.42"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = ">= 2.0.1"
+    }
+  }
+}
+
+provider "kubernetes" {
+  host                   = module.aks-cluster.endpoint
+  client_key             = base64decode(module.aks-cluster.client_key)
+  client_certificate     = base64decode(module.aks-cluster.client_cert)
+  cluster_ca_certificate = base64decode(module.aks-cluster.ca_cert)
+}
+
+provider "helm" {
+  kubernetes {
+    host                   = module.aks-cluster.endpoint
+    client_key             = base64decode(module.aks-cluster.client_key)
+    client_certificate     = base64decode(module.aks-cluster.client_cert)
+    cluster_ca_certificate = base64decode(module.aks-cluster.ca_cert)
+  }
+}
+
+provider "azurerm" {
+  features {}
+}
+
+module "aks-cluster" {
+  providers    = { azurerm = azurerm }
+  source       = "./aks-cluster"
+  cluster_name = local.cluster_name
+  location     = var.location
+}
+
+module "kubernetes-config" {
+  providers    = { kubernetes = kubernetes, helm = helm }
+  depends_on   = [module.aks-cluster]
+  source       = "./kubernetes-config"
+  cluster_name = local.cluster_name
+}
diff --git a/_examples/aks/outputs.tf b/_examples/aks/outputs.tf
new file mode 100644
index 0000000000..18917bfee6
--- /dev/null
+++ b/_examples/aks/outputs.tf
@@ -0,0 +1,7 @@
+output "kubeconfig_path" {
+  value = abspath("${path.root}/kubeconfig")
+}
+
+output "cluster_name" {
+  value = local.cluster_name
+}
diff --git a/_examples/aks/variables.tf b/_examples/aks/variables.tf
new file mode 100644
index 0000000000..e8d47c0d96
--- /dev/null
+++ b/_examples/aks/variables.tf
@@ -0,0 +1,12 @@
+variable "location" {
+  type    = string
+  default = "westus2"
+}
+
+resource "random_id" "cluster_name" {
+  byte_length = 5
+}
+
+locals {
+  cluster_name = "tf-k8s-${random_id.cluster_name.hex}"
+}
diff --git a/_examples/certificate-signing-request/main.tf b/_examples/certificate-signing-request/main.tf
index 828b41ebae..323e6b36f2 100644
--- a/_examples/certificate-signing-request/main.tf
+++ b/_examples/certificate-signing-request/main.tf
@@ -1,6 +1,6 @@
 resource "tls_private_key" "example" {
   algorithm = "ECDSA"
-  rsa_bits = "4096"
+  rsa_bits  = "4096"
 }
 
 resource "tls_cert_request" "example" {
@@ -19,7 +19,7 @@ resource "kubernetes_certificate_signing_request" "example" {
   }
   spec {
     request = tls_cert_request.example.cert_request_pem
-    usages = ["client auth", "server auth"]
+    usages  = ["client auth", "server auth"]
   }
   auto_approve = true
 }
@@ -41,12 +41,12 @@ resource "kubernetes_pod" "main" {
   }
   spec {
     container {
-      name = "default"
-      image = "alpine:latest"
+      name    = "default"
+      image   = "alpine:latest"
       command = ["cat", "/etc/test/tls.crt"]
       volume_mount {
         mount_path = "/etc/test"
-        name = "secretvol"
+        name       = "secretvol"
       }
     }
     volume {
diff --git a/_examples/certificate-signing-request/variables.tf b/_examples/certificate-signing-request/variables.tf
index 203e53a28e..e81b4aaff6 100644
--- a/_examples/certificate-signing-request/variables.tf
+++ b/_examples/certificate-signing-request/variables.tf
@@ -1,7 +1,7 @@
-variable example_user {
-        default = "admin"
+variable "example_user" {
+  default = "admin"
 }
 
-variable example_org {
-        default = "example cluster"
+variable "example_org" {
+  default = "example cluster"
 }
diff --git a/_examples/eks/README.md b/_examples/eks/README.md
new file mode 100644
index 0000000000..4e091330b8
--- /dev/null
+++ b/_examples/eks/README.md
@@ -0,0 +1,68 @@
+# EKS (Amazon Elastic Kubernetes Service)
+
+This example shows how to use the Terraform Kubernetes Provider and Terraform Helm Provider to configure an EKS cluster. The example config builds the EKS cluster and applies the Kubernetes configurations in a single operation. This guide will also show you how to make changes to the underlying EKS cluster in such a way that Kuberntes/Helm resources are recreated after the underlying cluster is replaced.
+
+You will need the following environment variables to be set:
+
+  - `AWS_ACCESS_KEY_ID`
+  - `AWS_SECRET_ACCESS_KEY`
+
+See [AWS Provider docs](https://www.terraform.io/docs/providers/aws/index.html#configuration-reference) for more details about these variables and alternatives, like `AWS_PROFILE`.
+
+Ensure that `KUBE_CONFIG_FILE` and `KUBE_CONFIG_FILES` environment variables are NOT set, as they will interfere with the cluster build.
+
+```
+unset KUBE_CONFIG_FILE
+unset KUBE_CONFIG_FILES
+```
+
+To install the EKS cluster using default values, run terraform init and apply from the directory containing this README.
+
+```
+terraform init
+terraform apply
+```
+
+## Kubeconfig for manual CLI access
+
+This example generates a kubeconfig file in the current working directory. However, the token in this config expires in 15 minutes. The token can be refreshed by running `terraform apply` again. Export the KUBECONFIG to manually access the cluster:
+
+```
+terraform apply
+export KUBECONFIG=$(terraform output -raw kubeconfig_path)
+kubectl get pods -n test
+```
+
+## Optional variables
+
+The Kubernetes version can be specified at apply time:
+
+```
+terraform apply -var=kubernetes_version=1.18
+```
+
+See https://docs.aws.amazon.com/eks/latest/userguide/platform-versions.html for currently available versions.
+
+
+### Worker node count and instance type
+
+The number of worker nodes, and the instance type, can be specified at apply time:
+
+```
+terraform apply -var=workers_count=4 -var=workers_type=m4.xlarge
+```
+
+## Additional configuration of EKS
+
+To view all available configuration options for the EKS module used in this example, see [terraform-aws-modules/eks docs](https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest).
+
+## Replacing the EKS cluster and re-creating the Kubernetes / Helm resources
+
+When the cluster is initially created, the Kubernetes and Helm providers will not be initialized until authentication details are created for the cluster. However, for future operations that may involve replacing the underlying cluster (for example, changing the network where the EKS cluster resides), the EKS cluster will have to be targeted without the Kubernetes/Helm providers, as shown below. This is done by removing the `module.kubernetes-config` from Terraform State prior to replacing cluster credentials, to avoid passing outdated credentials into the providers.
+
+This will create the new cluster and the Kubernetes resources in a single apply.
+
+```
+terraform state rm module.kubernetes-config
+terraform apply
+```
diff --git a/_examples/eks/kubernetes-config/main.tf b/_examples/eks/kubernetes-config/main.tf
new file mode 100644
index 0000000000..2c963afcbd
--- /dev/null
+++ b/_examples/eks/kubernetes-config/main.tf
@@ -0,0 +1,107 @@
+provider "kubernetes" {
+  host                   = var.cluster_endpoint
+  cluster_ca_certificate = base64decode(var.cluster_ca_cert)
+  exec {
+    api_version = "client.authentication.k8s.io/v1alpha1"
+    args        = ["eks", "get-token", "--cluster-name", var.cluster_name]
+    command     = "aws"
+  }
+}
+
+resource "kubernetes_config_map" "name" {
+  depends_on  = [var.cluster_name]
+  metadata {
+    name      = "aws-auth"
+    namespace = "kube-system"
+  }
+
+  data = {
+    mapRoles = join(
+      "\n",
+      formatlist(local.mapped_role_format, var.k8s_node_role_arn),
+    )
+  }
+}
+
+# This allows the kubeconfig file to be refreshed during every Terraform apply.
+# Optional: this kubeconfig file is only used for manual CLI access to the cluster.
+resource "null_resource" "generate-kubeconfig" {
+  provisioner "local-exec" {
+    command = "aws eks update-kubeconfig --name ${var.cluster_name} --kubeconfig ${path.root}/kubeconfig"
+  }
+  triggers = {
+    always_run = timestamp()
+  }
+}
+
+resource "kubernetes_namespace" "test" {
+  depends_on  = [var.cluster_name]
+  metadata {
+    name = "test"
+  }
+}
+
+resource "kubernetes_deployment" "test" {
+  depends_on  = [var.cluster_name]
+  metadata {
+    name = "test"
+    namespace= kubernetes_namespace.test.metadata.0.name
+  }
+  spec {
+    replicas = 2
+    selector {
+      match_labels = {
+        app  = "test"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          app  = "test"
+        }
+      }
+      spec {
+        container {
+          image = "nginx:1.19.4"
+          name  = "nginx"
+
+          resources {
+            limits = {
+              memory = "512M"
+              cpu = "1"
+            }
+            requests = {
+              memory = "256M"
+              cpu = "50m"
+            }
+          }
+        }
+      }
+    }
+  }
+}
+
+provider "helm" {
+  kubernetes {
+    host                   = var.cluster_endpoint
+    cluster_ca_certificate = base64decode(var.cluster_ca_cert)
+    exec {
+      api_version = "client.authentication.k8s.io/v1alpha1"
+      args        = ["eks", "get-token", "--cluster-name", var.cluster_name]
+      command     = "aws"
+    }
+  }
+}
+
+resource helm_release nginx_ingress {
+  depends_on  = [var.cluster_name]
+  name       = "nginx-ingress-controller"
+
+  repository = "https://charts.bitnami.com/bitnami"
+  chart      = "nginx-ingress-controller"
+
+  set {
+    name  = "service.type"
+    value = "ClusterIP"
+  }
+}
diff --git a/_examples/eks/kubernetes-config/variables.tf b/_examples/eks/kubernetes-config/variables.tf
new file mode 100644
index 0000000000..169c564f82
--- /dev/null
+++ b/_examples/eks/kubernetes-config/variables.tf
@@ -0,0 +1,26 @@
+variable "k8s_node_role_arn" {
+  type = list(string)
+}
+
+variable "cluster_ca_cert" {
+  type = string
+}
+
+variable "cluster_endpoint" {
+  type = string
+}
+
+variable "cluster_name" {
+  type = string
+}
+
+locals {
+  mapped_role_format = <<MAPPEDROLE
+- rolearn: %s
+  username: system:node:{{EC2PrivateDNSName}}
+  groups:
+    - system:bootstrappers
+    - system:nodes
+MAPPEDROLE
+
+}
diff --git a/_examples/eks/main.tf b/_examples/eks/main.tf
new file mode 100644
index 0000000000..927b7f1457
--- /dev/null
+++ b/_examples/eks/main.tf
@@ -0,0 +1,59 @@
+terraform {
+  required_providers {
+    kubernetes = {
+      source = "hashicorp/kubernetes"
+      version = ">= 2.0.0"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = ">= 2.0.1"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = "3.22.0"
+    }
+  }
+}
+
+provider "aws" {
+  region = var.region
+}
+
+module "vpc" {
+  source = "./vpc"
+}
+
+module "cluster" {
+  source  = "terraform-aws-modules/eks/aws"
+  version = "v13.2.1"
+
+  vpc_id  = module.vpc.vpc_id
+  subnets = module.vpc.subnets
+
+  cluster_name    = module.vpc.cluster_name
+  cluster_version = var.kubernetes_version
+  manage_aws_auth = false # Managed in ./kubernetes-config/main.tf instead.
+  # This kubeconfig expires in 15 minutes, so we'll use an exec block instead.
+  # See ./kubernetes-config/main.tf provider block for details.
+  write_kubeconfig = false
+
+  worker_groups = [
+    {
+      instance_type        = var.workers_type
+      asg_desired_capacity = var.workers_count
+      asg_max_size         = "10"
+    },
+  ]
+
+  tags = {
+    environment = "test"
+  }
+}
+
+module "kubernetes-config" {
+  source            = "./kubernetes-config"
+  k8s_node_role_arn = list(module.cluster.worker_iam_role_arn)
+  cluster_ca_cert   = module.cluster.cluster_certificate_authority_data
+  cluster_name      = module.cluster.cluster_id # creates dependency on cluster creation
+  cluster_endpoint  = module.cluster.cluster_endpoint
+}
diff --git a/_examples/eks/output.tf b/_examples/eks/output.tf
new file mode 100644
index 0000000000..c83a27e866
--- /dev/null
+++ b/_examples/eks/output.tf
@@ -0,0 +1,8 @@
+output "kubeconfig_path" {
+  value = abspath("${path.root}/kubeconfig")
+}
+
+output "cluster_name" {
+  value = module.vpc.cluster_name
+}
+
diff --git a/_examples/eks/variables.tf b/_examples/eks/variables.tf
new file mode 100644
index 0000000000..6b8bb5dcb4
--- /dev/null
+++ b/_examples/eks/variables.tf
@@ -0,0 +1,21 @@
+#
+# Variables Configuration
+#
+variable "region" {
+  default = "us-west-1"
+  type    = string
+}
+
+variable "kubernetes_version" {
+  type    = string
+  default = "1.18"
+}
+
+variable "workers_count" {
+  default = 2
+}
+
+variable "workers_type" {
+  type    = string
+  default = "m4.large"
+}
diff --git a/_examples/eks/versions.tf b/_examples/eks/versions.tf
new file mode 100644
index 0000000000..9d585006d4
--- /dev/null
+++ b/_examples/eks/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+  required_version = ">= 0.14"
+}
diff --git a/_examples/eks/vpc/main.tf b/_examples/eks/vpc/main.tf
new file mode 100644
index 0000000000..c48ee453f1
--- /dev/null
+++ b/_examples/eks/vpc/main.tf
@@ -0,0 +1,68 @@
+#
+# VPC Resources
+#  * VPC
+#  * Subnets
+#  * Internet Gateway
+#  * Route Table
+#
+# Using these data sources allows the configuration to be
+# generic for any region.
+data "aws_region" "current" {
+}
+
+data "aws_availability_zones" "available" {
+}
+
+resource "random_id" "cluster_name" {
+  byte_length = 2
+  prefix      = "k8s-acc-"
+}
+
+resource "aws_vpc" "k8s-acc" {
+  cidr_block           = "10.0.0.0/16"
+  enable_dns_support   = true
+  enable_dns_hostnames = true
+  tags = {
+    "Name"                                                = "terraform-eks-k8s-acc-node"
+    "kubernetes.io/cluster/${random_id.cluster_name.hex}" = "shared"
+  }
+}
+
+resource "aws_subnet" "k8s-acc" {
+  count = 2
+
+  availability_zone       = data.aws_availability_zones.available.names[count.index]
+  cidr_block              = "10.0.${count.index}.0/24"
+  vpc_id                  = aws_vpc.k8s-acc.id
+  map_public_ip_on_launch = true
+
+  tags = {
+    "Name"                                                = "terraform-eks-k8s-acc-node"
+    "kubernetes.io/cluster/${random_id.cluster_name.hex}" = "shared"
+    "kubernetes.io/role/elb"                              = 1
+  }
+}
+
+resource "aws_internet_gateway" "k8s-acc" {
+  vpc_id = aws_vpc.k8s-acc.id
+
+  tags = {
+    Name = "terraform-eks-k8s-acc"
+  }
+}
+
+resource "aws_route_table" "k8s-acc" {
+  vpc_id = aws_vpc.k8s-acc.id
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.k8s-acc.id
+  }
+}
+
+resource "aws_route_table_association" "k8s-acc" {
+  count = 2
+
+  subnet_id      = aws_subnet.k8s-acc[count.index].id
+  route_table_id = aws_route_table.k8s-acc.id
+}
diff --git a/_examples/eks/vpc/outputs.tf b/_examples/eks/vpc/outputs.tf
new file mode 100644
index 0000000000..6601b49174
--- /dev/null
+++ b/_examples/eks/vpc/outputs.tf
@@ -0,0 +1,12 @@
+output "vpc_id" {
+  value = aws_vpc.k8s-acc.id
+}
+
+output "subnets" {
+  value = aws_subnet.k8s-acc.*.id
+}
+
+output "cluster_name" {
+  value = random_id.cluster_name.hex
+}
+
diff --git a/_examples/gke/README.md b/_examples/gke/README.md
new file mode 100644
index 0000000000..ae36dfe2ab
--- /dev/null
+++ b/_examples/gke/README.md
@@ -0,0 +1,76 @@
+# GKE (Google Container Engine)
+
+This example shows how to use the Terraform Kubernetes Provider and Terraform Helm Provider to configure a GKE cluster. The example config builds the GKE cluster and applies the Kubernetes configurations in a single operation. This guide will also show you how to make changes to the underlying GKE cluster in such a way that Kuberntes/Helm resources are recreated after the underlying cluster is replaced.
+
+You will need the following environment variables to be set:
+
+ - `GOOGLE_CREDENTIALS`
+ - `GOOGLE_PROJECT`
+ - `GOOGLE_REGION`
+
+For example:
+```
+$ env | grep GOOGLE
+GOOGLE_REGION=us-west1
+GOOGLE_CREDENTIALS=/home/myuser/.config/gcloud/legacy_credentials/mygoogleuser/adc.json
+GOOGLE_PROJECT=my-gcp-project
+```
+
+See [Google Provider docs](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#full-reference) for more details about these variables.
+
+Ensure that `KUBE_CONFIG_FILE` and `KUBE_CONFIG_FILES` environment variables are NOT set, as they will interfere with the cluster build.
+
+```
+unset KUBE_CONFIG_FILE
+unset KUBE_CONFIG_FILES
+```
+
+To install the GKE cluster using default values, run terraform init and apply from the directory containing this README.
+
+```
+terraform init
+terraform apply
+```
+
+Optionally, the Kubernetes version can also be specified:
+
+```
+terraform apply -var=kubernetes_version=1.18
+```
+
+
+## Versions
+
+Valid versions for the GKE cluster can be found by using the gcloud tool.
+
+```
+gcloud container get-server-config --region $GOOGLE_REGION
+```
+
+## Kubeconfig for manual CLI access
+
+This example generates a kubeconfig file in the current working directory. However, the token in this config will expire after 1 hour. The token can be refreshed by running `terraform apply` again.
+
+```
+terraform apply
+export KUBECONFIG=$(terraform output -raw kubeconfig_path)
+kubectl get pods -n test
+```
+
+Alternatively, a longer-lived configuration can be generated using the gcloud tool. Note: this command will overwrite the default kubeconfig at `$HOME/.kube/config`.
+
+```
+gcloud container clusters get-credentials $(terraform output -raw cluster_name) --zone $(terraform output -raw google_zone)
+kubectl get pods -n test
+```
+
+## Replacing the GKE cluster and re-creating the Kubernetes / Helm resources
+
+When the cluster is initially created, the Kubernetes and Helm providers will not be initialized until authentication details are created for the cluster. However, for future operations that may involve replacing the underlying cluster (for example, changing VM sizes), the GKE cluster will have to be targeted without the Kubernetes/Helm providers, as shown below. This is done by removing the `module.kubernetes-config` from Terraform State prior to replacing cluster credentials, to avoid passing outdated credentials into the providers.
+
+This will create the new cluster and the Kubernetes resources in a single apply.
+
+```
+terraform state rm module.kubernetes-config
+terraform apply
+```
diff --git a/_examples/gke/gke-cluster/main.tf b/_examples/gke/gke-cluster/main.tf
new file mode 100644
index 0000000000..87a8f88123
--- /dev/null
+++ b/_examples/gke/gke-cluster/main.tf
@@ -0,0 +1,40 @@
+provider "google" {
+  # Provider is configured using environment variables: GOOGLE_REGION, GOOGLE_PROJECT, GOOGLE_CREDENTIALS.
+  # This can be set statically, if preferred. See docs for details.
+  # https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#full-reference
+}
+
+# This is used to set local variable google_zone.
+# This can be replaced with a statically-configured zone, if preferred.
+data "google_compute_zones" "available" {
+}
+
+data "google_container_engine_versions" "supported" {
+  location           = local.google_zone
+  version_prefix     = var.kubernetes_version
+}
+
+resource "google_container_cluster" "primary" {
+  name               = var.cluster_name
+  location           = local.google_zone
+  initial_node_count = var.workers_count
+  min_master_version = data.google_container_engine_versions.supported.latest_master_version
+  # node version must match master version
+  # https://www.terraform.io/docs/providers/google/r/container_cluster.html#node_version
+  node_version       = data.google_container_engine_versions.supported.latest_master_version
+
+  node_locations = [
+    data.google_compute_zones.available.names[1],
+  ]
+
+  node_config {
+    machine_type = "n1-standard-4"
+
+    oauth_scopes = [
+      "https://www.googleapis.com/auth/compute",
+      "https://www.googleapis.com/auth/devstorage.read_only",
+      "https://www.googleapis.com/auth/logging.write",
+      "https://www.googleapis.com/auth/monitoring",
+    ]
+  }
+}
diff --git a/_examples/gke/gke-cluster/output.tf b/_examples/gke/gke-cluster/output.tf
new file mode 100644
index 0000000000..500403d0dc
--- /dev/null
+++ b/_examples/gke/gke-cluster/output.tf
@@ -0,0 +1,23 @@
+output "node_version" {
+  value = google_container_cluster.primary.node_version
+}
+
+output "cluster_id" {
+  value = google_container_cluster.primary.id
+}
+
+output "cluster_endpoint" {
+  value = google_container_cluster.primary.endpoint
+}
+
+output "cluster_ca_cert" {
+  value = google_container_cluster.primary.master_auth[0].cluster_ca_certificate
+}
+
+output "cluster_name" {
+  value = google_container_cluster.primary.name
+}
+
+output "google_zone" {
+  value = local.google_zone
+}
diff --git a/_examples/gke/gke-cluster/variables.tf b/_examples/gke/gke-cluster/variables.tf
new file mode 100644
index 0000000000..eb2f9f4488
--- /dev/null
+++ b/_examples/gke/gke-cluster/variables.tf
@@ -0,0 +1,15 @@
+variable "kubernetes_version" {
+  default = "1.18"
+}
+
+variable "workers_count" {
+  default = "3"
+}
+
+variable "cluster_name" {
+  type = string
+}
+
+locals {
+  google_zone = data.google_compute_zones.available.names[0]
+}
diff --git a/_examples/gke/kubernetes-config/kubeconfig-template.yaml b/_examples/gke/kubernetes-config/kubeconfig-template.yaml
new file mode 100644
index 0000000000..221999be7b
--- /dev/null
+++ b/_examples/gke/kubernetes-config/kubeconfig-template.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority-data: ${cluster_ca}
+    server: https://${endpoint}
+  name: ${cluster_name}
+contexts:
+- context:
+    cluster: ${cluster_name}
+    user: ${cluster_name}
+  name: ${cluster_name}
+users:
+- name: ${cluster_name}
+  user:
+    token: ${cluster_token}
+current-context: ${cluster_name}
+kind: Config
+preferences: {}
diff --git a/_examples/gke/kubernetes-config/main.tf b/_examples/gke/kubernetes-config/main.tf
new file mode 100644
index 0000000000..ac3ef4effc
--- /dev/null
+++ b/_examples/gke/kubernetes-config/main.tf
@@ -0,0 +1,94 @@
+# Configure kubernetes provider with Oauth2 access token.
+# https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config
+# This fetches a new token, which will expire in 1 hour.
+data "google_client_config" "default" {
+}
+
+provider "kubernetes" {
+  host = var.cluster_endpoint
+  token = data.google_client_config.default.access_token
+  cluster_ca_certificate = base64decode(var.cluster_ca_cert)
+}
+
+resource "kubernetes_namespace" "test" {
+  metadata {
+    name = "test"
+  }
+}
+
+resource "kubernetes_deployment" "test" {
+  metadata {
+    name = "test"
+    namespace= kubernetes_namespace.test.metadata.0.name
+  }
+  spec {
+    replicas = 2
+    selector {
+      match_labels = {
+        app = "test"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          app  = "test"
+        }
+      }
+      spec {
+        container {
+          image = "nginx:1.19.4"
+          name  = "nginx"
+
+          resources {
+            limits = {
+              memory = "512M"
+              cpu = "1"
+            }
+            requests = {
+              memory = "256M"
+              cpu = "50m"
+            }
+          }
+        }
+      }
+    }
+  }
+}
+
+provider "helm" {
+  kubernetes {
+    host = var.cluster_endpoint
+    token = data.google_client_config.default.access_token
+    cluster_ca_certificate = base64decode(var.cluster_ca_cert)
+  }
+}
+
+resource helm_release nginx_ingress {
+  name       = "nginx-ingress-controller"
+
+  repository = "https://charts.bitnami.com/bitnami"
+  chart      = "nginx-ingress-controller"
+
+  set {
+    name  = "service.type"
+    value = "ClusterIP"
+  }
+}
+
+data "template_file" "kubeconfig" {
+  template = file("${path.module}/kubeconfig-template.yaml")
+
+  vars = {
+    cluster_name    = var.cluster_name
+    endpoint        = var.cluster_endpoint
+    cluster_ca      = var.cluster_ca_cert
+    cluster_token   = data.google_client_config.default.access_token
+  }
+}
+
+resource "local_file" "kubeconfig" {
+  depends_on = [var.cluster_id]
+  content  = data.template_file.kubeconfig.rendered
+  filename = "${path.root}/kubeconfig"
+}
+
diff --git a/_examples/gke/kubernetes-config/variables.tf b/_examples/gke/kubernetes-config/variables.tf
new file mode 100644
index 0000000000..8286692e5e
--- /dev/null
+++ b/_examples/gke/kubernetes-config/variables.tf
@@ -0,0 +1,16 @@
+variable "cluster_name" {
+  type = string
+}
+
+variable "cluster_id" {
+  type = string
+}
+
+variable "cluster_endpoint" {
+  type = string
+}
+
+variable "cluster_ca_cert" {
+  type = string
+}
+
diff --git a/_examples/gke/main.tf b/_examples/gke/main.tf
new file mode 100644
index 0000000000..34647aa911
--- /dev/null
+++ b/_examples/gke/main.tf
@@ -0,0 +1,38 @@
+terraform {
+  required_providers {
+    kubernetes = {
+      source = "hashicorp/kubernetes"
+      version = ">= 2.0.0"
+    }
+    google = {
+      source  = "hashicorp/google"
+      version = "3.52"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = ">= 2.0.1"
+    }
+  }
+}
+
+resource "random_id" "cluster_name" {
+  byte_length = 5
+}
+
+locals {
+  cluster_name = "tf-k8s-${random_id.cluster_name.hex}"
+}
+
+module "gke-cluster" {
+  source       = "./gke-cluster"
+  cluster_name = local.cluster_name
+}
+
+module "kubernetes-config" {
+  source           = "./kubernetes-config"
+  cluster_name     = module.gke-cluster.cluster_name
+  cluster_id       = module.gke-cluster.cluster_id # creates dependency on cluster creation
+  cluster_endpoint = module.gke-cluster.cluster_endpoint
+  cluster_ca_cert  = module.gke-cluster.cluster_ca_cert
+}
+
diff --git a/_examples/gke/outputs.tf b/_examples/gke/outputs.tf
new file mode 100644
index 0000000000..8eec4686f0
--- /dev/null
+++ b/_examples/gke/outputs.tf
@@ -0,0 +1,11 @@
+output "kubeconfig_path" {
+  value = abspath("${path.root}/kubeconfig")
+}
+
+output "cluster_name" {
+  value = local.cluster_name
+}
+
+output "google_zone" {
+  value = module.gke-cluster.google_zone
+}
diff --git a/_examples/google-gke-cluster/README.md b/_examples/google-gke-cluster/README.md
deleted file mode 100644
index 5a8668f730..0000000000
--- a/_examples/google-gke-cluster/README.md
+++ /dev/null
@@ -1,130 +0,0 @@
-# Google GKE (Google Container Engine) cluster
-
-In case you don't have a K8S cluster yet the easiest way
-to create one from scratch is to use GKE (Google Container Service).
-
-You can read more about GKE at https://cloud.google.com/container-engine/
-
-## Prerequisites
-
-*This example uses syntax elements specific to Terraform version 0.12+.
-It will not work out-of-the-box with Terraform 0.11.x and lower.*
-
-Configure the Google Cloud provider by supplying environment variables
-and/or standard config files.
-Check out [related docs](https://www.terraform.io/docs/providers/google/index.html#configuration-reference)
-on how to do so, specifically look at arguments `credentials` and `project`.
-
-## Creating cluster
-
-First we make sure the Google provider is downloaded and available
-
-```sh
-terraform init
-```
-
-then we carry on by creating the real infrastructure which
-requires region, cluster username and password.
-
-```sh
-terraform apply \
-	-var 'region=us-west1' \
-	-var 'username=MySecretUsername' \
-	-var 'password=MySecretPassword'
-```
-
-You may also specify the K8S version (see [available versions](https://cloud.google.com/container-engine/release-notes))
-and name of the cluster.
-
-```sh
-terraform apply \
-	-var 'kubernetes_version=1.16.8' \
-	-var 'cluster_name=terraform-example-cluster' \
-	-var 'region=us-west1' \
-	-var 'username=MySecretUsername' \
-	-var 'password=MySecretPassword'
-```
-
-Afterwards you should see output similar to this one in your console
-
-```
-...
-
-Outputs:
-
-additional_zones = [
-    us-west1-b
-]
-cluster_name = terraform-example-cluster
-endpoint = 102.186.121.2
-node_version = 1.16.8
-primary_zone = us-west1-a
-```
-
-## Credentials
-
-It is generally a good practice not to hard-code credentials
-in your source code and use environment variables and/or standard config instead.
-Check out [the relevant docs](https://www.terraform.io/docs/providers/kubernetes/index.html#argument-reference)
-for all supported provider arguments, most of which are related to authentication.
-
-Once you have a cluster up and running on GKE the easiest way to supply
-credentials to the provider is via the following set of steps:
-
-```sh
-gcloud container clusters get-credentials \
-	$(terraform output cluster_name) \
-	--zone=$(terraform output primary_zone)
-```
-
-Afterwards you should have a set of valid credentials stored
-in the config at default location where the Kubernetes provider
-can find them. The current context will also be automatically
-pointed to those new credentials (in case you have any other
-credentials there in an existing config).
-
-You can verify this by running
-
-```sh
-kubectl cluster-info
-```
-
-which should provide output similar to the one below
-
-```
-Kubernetes master is running at https://102.186.121.2
-GLBCDefaultBackend is running at https://102.186.121.2/api/v1/namespaces/kube-system/services/default-http-backend/proxy
-Heapster is running at https://102.186.121.2/api/v1/namespaces/kube-system/services/heapster/proxy
-KubeDNS is running at https://102.186.121.2/api/v1/namespaces/kube-system/services/kube-dns/proxy
-kubernetes-dashboard is running at https://102.186.121.2/api/v1/namespaces/kube-system/services/kubernetes-dashboard/proxy
-
-To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
-```
-
-You can also visit the Kubernetes dashboard by opening a proxy
-
-```sh
-kubectl proxy
-```
-
-which will print out the IP & port on which the proxy is listening
-
-```
-Starting to serve on 127.0.0.1:8001
-```
-
-then you can either copy & paste that into your browser
-or just do this in a separate console session (while keeping the proxy running)
-
-```
-open http://127.0.0.1:8001/ui/
-```
-
-## Destroying cluster
-
-```sh
-terraform destroy \
-	-var 'region=us-west1' \
-	-var 'username=' \
-	-var 'password='
-```
diff --git a/_examples/google-gke-cluster/main.tf b/_examples/google-gke-cluster/main.tf
deleted file mode 100644
index 3babf807a4..0000000000
--- a/_examples/google-gke-cluster/main.tf
+++ /dev/null
@@ -1,72 +0,0 @@
-variable "region" {
-}
-
-provider "google" {
-  region = var.region
-  // Provider settings to be provided via ENV variables
-}
-
-data "google_compute_zones" "available" {
-}
-
-variable "cluster_name" {
-  default = "terraform-example-cluster"
-}
-
-variable "kubernetes_version" {
-  default = "1.16.8"
-}
-
-variable "username" {
-}
-
-variable "password" {
-}
-
-resource "google_container_cluster" "primary" {
-  name               = var.cluster_name
-  location 	     = data.google_compute_zones.available.names[0]
-  initial_node_count = 3
-
-  min_master_version = var.kubernetes_version
-  node_version       = var.kubernetes_version
-
-  node_locations = [
-    data.google_compute_zones.available.names[1],
-  ]
-
-  master_auth {
-    username = var.username
-    password = var.password
-  }
-
-  node_config {
-    oauth_scopes = [
-      "https://www.googleapis.com/auth/compute",
-      "https://www.googleapis.com/auth/devstorage.read_only",
-      "https://www.googleapis.com/auth/logging.write",
-      "https://www.googleapis.com/auth/monitoring",
-    ]
-  }
-}
-
-output "cluster_name" {
-  value = google_container_cluster.primary.name
-}
-
-output "primary_zone" {
-  value = google_container_cluster.primary.zone
-}
-
-output "additional_zones" {
-  value = google_container_cluster.primary.additional_zones
-}
-
-output "endpoint" {
-  value = google_container_cluster.primary.endpoint
-}
-
-output "node_version" {
-  value = google_container_cluster.primary.node_version
-}
-
diff --git a/_examples/google-gke-nfs-filestore/main.tf b/_examples/google-gke-nfs-filestore/main.tf
index 3a5927eca6..91f8e6b25f 100644
--- a/_examples/google-gke-nfs-filestore/main.tf
+++ b/_examples/google-gke-nfs-filestore/main.tf
@@ -26,8 +26,8 @@ variable "workers_count" {
 }
 
 data "google_container_engine_versions" "supported" {
-  location           = data.google_compute_zones.available.names[0]
-  version_prefix     = var.kubernetes_version
+  location       = data.google_compute_zones.available.names[0]
+  version_prefix = var.kubernetes_version
 }
 
 # If the result is empty '[]', the GKE default_cluster_version will be used.
@@ -37,7 +37,7 @@ output "available_master_versions_matching_user_input" {
 
 # Shared network for GKE cluster and Filestore to use.
 resource "google_compute_network" "vpc" {
-  name = "shared"
+  name                    = "shared"
   auto_create_subnetworks = true
 }
 
@@ -49,7 +49,7 @@ resource "google_container_cluster" "primary" {
   min_master_version = data.google_container_engine_versions.supported.latest_master_version
   # node version must match master version
   # https://www.terraform.io/docs/providers/google/r/container_cluster.html#node_version
-  node_version       = data.google_container_engine_versions.supported.latest_master_version
+  node_version = data.google_container_engine_versions.supported.latest_master_version
 
   node_locations = [
     data.google_compute_zones.available.names[1],
@@ -109,7 +109,7 @@ resource "local_file" "kubeconfig" {
 }
 
 provider "kubernetes" {
-  version = "1.11.2"
+  version          = "1.11.2"
   load_config_file = "false"
 
   host = google_container_cluster.primary.endpoint
@@ -131,7 +131,7 @@ resource "kubernetes_storage_class" "nfs" {
   metadata {
     name = "filestore"
   }
-  reclaim_policy  = "Retain"
+  reclaim_policy      = "Retain"
   storage_provisioner = "nfs"
 }
 
@@ -144,11 +144,11 @@ resource "kubernetes_persistent_volume" "example" {
       storage = "1T"
     }
     storage_class_name = kubernetes_storage_class.nfs.metadata[0].name
-    access_modes = ["ReadWriteMany"]
+    access_modes       = ["ReadWriteMany"]
     persistent_volume_source {
       nfs {
         server = google_filestore_instance.test.networks[0].ip_addresses[0]
-        path = "/${google_filestore_instance.test.file_shares[0].name}"
+        path   = "/${google_filestore_instance.test.file_shares[0].name}"
       }
     }
   }
@@ -156,13 +156,13 @@ resource "kubernetes_persistent_volume" "example" {
 
 resource "kubernetes_persistent_volume_claim" "example" {
   metadata {
-    name = "mariadb-data"
+    name      = "mariadb-data"
     namespace = "test"
   }
   spec {
-    access_modes = ["ReadWriteMany"]
+    access_modes       = ["ReadWriteMany"]
     storage_class_name = kubernetes_storage_class.nfs.metadata[0].name
-    volume_name = kubernetes_persistent_volume.example.metadata[0].name
+    volume_name        = kubernetes_persistent_volume.example.metadata[0].name
     resources {
       requests = {
         storage = "1T"
@@ -173,7 +173,7 @@ resource "kubernetes_persistent_volume_claim" "example" {
 
 resource "kubernetes_deployment" "mariadb" {
   metadata {
-    name = "mariadb-example"
+    name      = "mariadb-example"
     namespace = "test"
     labels = {
       mylabel = "MyExampleApp"
@@ -202,7 +202,7 @@ resource "kubernetes_deployment" "mariadb" {
           name  = "example"
 
           env {
-            name = "MYSQL_RANDOM_ROOT_PASSWORD"
+            name  = "MYSQL_RANDOM_ROOT_PASSWORD"
             value = true
           }
 
diff --git a/_examples/http-nginx/README.md b/_examples/http-nginx/README.md
deleted file mode 100644
index bb9fb4c8f2..0000000000
--- a/_examples/http-nginx/README.md
+++ /dev/null
@@ -1,68 +0,0 @@
-# Example: NGINX (HTTP)
-
-This example is heavily inspired by https://github.com/kubernetes/examples/tree/master/staging/https-nginx
-
-It shows how to spin up a basic HTTP server on Kubernetes using [nginx](https://www.nginx.com)
-which is exposed to the internet through a load balancer (provisioned automatically by K8S).
-
-## Used resources
-
- - `kubernetes_replication_controller`
- - `kubernetes_service`
-
-## Prerequisites
-
-*This example uses syntax elements specific to Terraform version 0.12+.
-It will not work out-of-the-box with Terraform 0.11.x and lower.*
-
-This example expects you to already have a running K8S cluster
-and credentials set up in a config or environment variables.
-
-See [related docs](../google-gke-cluster/README.md) if you don't have any of those.
-
-## How to
-
-### Create
-
-First we make sure the Kubernetes provider is downloaded and available
-
-```sh
-terraform init
-```
-
-then we carry on by creating the resources
-
-```sh
-terraform apply
-```
-
-you may optionally specify the version of nginx like this
-
-```sh
-terraform apply -var 'nginx_version=1.7.8'
-```
-
-After the `apply` operation has finished you should see output
-in your console similar to the one below
-
-```
-...
-
-Outputs:
-
-lb_ip = 35.197.9.247
-```
-
-This is the IP address of your public load balancer
-which exposes the web server. Open that IP in your
-browser to see the nginx welcome page.
-
-```sh
-open "http://$(terraform output lb_ip)"
-```
-
-### Destroy
-
-```
-terraform destroy
-```
diff --git a/_examples/http-nginx/replication-controller.tf b/_examples/http-nginx/replication-controller.tf
deleted file mode 100644
index c1352c5fe0..0000000000
--- a/_examples/http-nginx/replication-controller.tf
+++ /dev/null
@@ -1,45 +0,0 @@
-resource "kubernetes_replication_controller" "example" {
-  metadata {
-    name = "terraform-nginx-example"
-    labels = {
-      App = "TerraformNginxExample"
-    }
-  }
-
-  spec {
-    selector = {
-      App = "TerraformNginxExample"
-    }
-    template {
-      container {
-        image = "nginx:${var.nginx_version}"
-        name  = "example"
-
-        port {
-          container_port = 80
-        }
-
-        liveness_probe {
-          http_get {
-            path = "/index.html"
-            port = 80
-          }
-          initial_delay_seconds = 30
-          timeout_seconds       = 1
-        }
-
-        resources {
-          limits = {
-            cpu    = "0.5"
-            memory = "512Mi"
-          }
-          requests = {
-            cpu    = "250m"
-            memory = "50Mi"
-          }
-        }
-      }
-    }
-  }
-}
-
diff --git a/_examples/http-nginx/service.tf b/_examples/http-nginx/service.tf
deleted file mode 100644
index 800338af2d..0000000000
--- a/_examples/http-nginx/service.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-resource "kubernetes_service" "example" {
-  metadata {
-    name = "terraform-nginx-example"
-  }
-  spec {
-    selector = {
-      App = kubernetes_replication_controller.example.metadata[0].labels.App
-    }
-    session_affinity = "ClientIP"
-    port {
-      port        = 80
-      target_port = 80
-    }
-
-    type = "LoadBalancer"
-  }
-}
-
-output "lb_ip" {
-  value = kubernetes_service.example.load_balancer_ingress[0].ip
-}
-
diff --git a/_examples/http-nginx/variables.tf b/_examples/http-nginx/variables.tf
deleted file mode 100644
index 46a34d3273..0000000000
--- a/_examples/http-nginx/variables.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-variable "nginx_version" {
-  default = "1.7.8"
-}
-
diff --git a/_examples/ingress/README.md b/_examples/ingress/README.md
index dc08868c0b..87e394e8d8 100644
--- a/_examples/ingress/README.md
+++ b/_examples/ingress/README.md
@@ -1,6 +1,9 @@
-# Example: Ingress
+# Example: Ingress with AWS ELB
 
 ## Prerequisites
 
-*This example uses syntax elements specific to Terraform version 0.12+.
-It will not work out-of-the-box with Terraform 0.11.x and lower.*
+* This example uses syntax elements specific to Terraform version 0.12+.
+It will not work out-of-the-box with Terraform 0.11.x and lower.
+
+* This example uses annotations specific to the [AWS Load Balancer Controller](https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html).
+
diff --git a/_examples/ingress/main.tf b/_examples/ingress/main.tf
index be0671e6bd..d7d9628b80 100644
--- a/_examples/ingress/main.tf
+++ b/_examples/ingress/main.tf
@@ -1,166 +1,54 @@
-provider "kubernetes" {
-}
-
-resource "kubernetes_ingress" "example" {
-  metadata {
-    name = "example"
-
-    annotations = {
-      "ingress.kubernetes.io/rewrite-target" = "/"
+terraform {
+  required_providers {
+    kubernetes = {
+      source = "hashicorp/kubernetes"
     }
   }
+}
 
-  spec {
-    backend {
-      service_name = "echoserver"
-      service_port = 8080
-    }
-
-    rule {
-      host = "myminikube.info"
-
-      http {
-        path {
-          path = "/"
-
-          backend {
-            service_name = "echoserver"
-            service_port = 8080
-          }
-        }
-      }
-    }
-
-    rule {
-      host = "cheeses.all"
-
-      http {
-        path {
-          path = "/stilton"
-
-          backend {
-            service_name = "stilton-cheese"
-            service_port = 80
-          }
-        }
-
-        path {
-          path = "/cheddar"
-
-          backend {
-            service_name = "cheddar"
-            service_port = 80
-          }
-        }
-      }
-    }
+resource "kubernetes_namespace" "test" {
+  metadata {
+    name      = "test"
+    namespace = "test"
   }
 }
 
-resource "kubernetes_service" "echoserver" {
+resource "kubernetes_service" "test" {
   metadata {
-    name = "echoserver"
+    name      = "test"
+    namespace = kubernetes_namespace.test.metadata.0.name
   }
-
   spec {
-    selector = {
-      app = "echoserver"
-    }
-
     port {
-      port        = 8080
-      target_port = 8080
+      port        = 80
+      target_port = 80
+      protocol    = "TCP"
     }
-
     type = "NodePort"
   }
 }
 
-resource "kubernetes_deployment" "echoserver" {
+resource "kubernetes_ingress" "test" {
   metadata {
-    name = "echoserver"
-  }
-
-  spec {
-    selector {
-      match_labels = {
-        app = "echoserver"
-      }
-    }
-
-    template {
-      metadata {
-        labels = {
-          app = "echoserver"
-        }
-      }
-
-      spec {
-        container {
-          name  = "echoserver"
-          image = "gcr.io/google_containers/echoserver:1.4"
-
-          port {
-            container_port = 8080
-          }
-        }
-      }
+    name      = "test"
+    namespace = kubernetes_namespace.test.metadata.0.name
+    annotations = {
+      "kubernetes.io/ingress.class"           = "alb"
+      "alb.ingress.kubernetes.io/scheme"      = "internet-facing"
+      "alb.ingress.kubernetes.io/target-type" = "ip"
     }
   }
-}
-
-resource "kubernetes_deployment" "cheddar" {
-  metadata {
-    name = "cheddar-cheese"
-  }
-
   spec {
-    selector {
-      match_labels = {
-        app = "cheddar"
-      }
-    }
-
-    template {
-      metadata {
-        labels = {
-          app = "cheddar"
-        }
-      }
-
-      spec {
-        container {
-          name  = "cheddar"
-          image = "errm/cheese:cheddar"
-
-          port {
-            container_port = 80
+    rule {
+      http {
+        path {
+          path = "/*"
+          backend {
+            service_name = kubernetes_service.test.metadata.0.name
+            service_port = 80
           }
         }
       }
     }
   }
 }
-
-resource "kubernetes_service" "cheddar" {
-  metadata {
-    name = "cheddar"
-  }
-
-  spec {
-    selector = {
-      app = "cheddar"
-    }
-
-    port {
-      port        = 80
-      target_port = 80
-    }
-
-    type = "NodePort"
-  }
-}
-
-output "ingress_ip" {
-  value = formatlist("%s ", kubernetes_ingress.example.load_balancer_ingress.*.ip)
-}
diff --git a/_examples/job/main.tf b/_examples/job/main.tf
index 81ee8b4a86..c621c09601 100644
--- a/_examples/job/main.tf
+++ b/_examples/job/main.tf
@@ -1,27 +1,39 @@
+terraform {
+  required_providers {
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.0"
+    }
+  }
+}
+
+variable "kube_config_file" {
+  default = "~/.kube/config"
+}
+
 provider "kubernetes" {
+  config_path = var.kube_config_file
 }
 
-resource "kubernetes_job" "test-pr" {
+resource "kubernetes_job" "test" {
   metadata {
-    name = "job-with-wait"
-    namespace = "default"
+    name = "test"
   }
   spec {
-    completions = 1
+    active_deadline_seconds = 120
+    backoff_limit           = 10
+    completions             = 10
+    parallelism             = 2
     template {
       metadata {}
       spec {
         container {
-          name = "sleep"
-          image = "busybox:latest"
+          name    = "hello"
+          image   = "busybox"
           command = ["sleep", "30"]
         }
-        restart_policy = "Never"
       }
     }
   }
   wait_for_completion = true
-  timeouts {
-    create = "40s"
-  }
-}
\ No newline at end of file
+}
diff --git a/scripts/fmt-examples.sh b/scripts/fmt-examples.sh
new file mode 100755
index 0000000000..76e72690f4
--- /dev/null
+++ b/scripts/fmt-examples.sh
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+# Check examples dir for formatting errors.
+set -o errexit
+set -o errtrace
+set -o nounset
+set -o pipefail
+
+#--------------
+# Functions
+#--------------
+
+function formatting_check() {
+  cd _examples
+  for dir in $(ls); do
+    cd ${dir}
+    terraform fmt --check --list=false || (echo "Formatting errors found in dir: _examples/${dir}"; exit 1)
+    cd -
+  done
+}
+
+function formatting_diff() {
+  cd _examples
+  for dir in $(ls); do
+    cd ${dir}
+    terraform fmt --check -diff || (echo "Formatting errors found in dir: _examples/${dir}"; exit 1)
+    cd -
+  done
+}
+
+function formatting_fix() {
+  cd _examples
+  for dir in $(ls); do
+    cd ${dir}
+    terraform fmt
+    cd -
+  done
+}
+
+#--------------
+# Main
+#--------------
+
+input="${1:-}"
+
+case ${input} in
+diff)
+  formatting_diff
+  ;;
+fix)
+  formatting_fix
+  ;;
+*)
+  formatting_check
+  ;;
+esac