chore: Use # for comments. It's the recommended way to start comment and it's more idiomatic (#1079)

2026-01-15 16:23:58 +01:00 · 2020-11-02 08:35:12 +01:00
parent 127a3a8831
commit 571e4e7f4b
4 changed files with 34 additions and 31 deletions
--- a/examples/launch_templates_with_managed_node_groups/disk_encryption_policy.tf
+++ b/examples/launch_templates_with_managed_node_groups/disk_encryption_policy.tf
@@ -1,4 +1,4 @@
-// if you have used ASGs before, that role got auto-created already and you need to import to TF state
+# if you have used ASGs before, that role got auto-created already and you need to import to TF state
 resource "aws_iam_service_linked_role" "autoscaling" {
  aws_service_name = "autoscaling.amazonaws.com"
  description      = "Default Service-Linked Role enables access to AWS Services and Resources used or managed by Auto Scaling"
@@ -6,9 +6,9 @@ resource "aws_iam_service_linked_role" "autoscaling" {

 data "aws_caller_identity" "current" {}

-// This policy is required for the KMS key used for EKS root volumes, so the cluster is allowed to enc/dec/attach encrypted EBS volumes
+# This policy is required for the KMS key used for EKS root volumes, so the cluster is allowed to enc/dec/attach encrypted EBS volumes
 data "aws_iam_policy_document" "ebs_decryption" {
-  // copy of default KMS policy that lets you manage it
+  # Copy of default KMS policy that lets you manage it
  statement {
    sid    = "Enable IAM User Permissions"
    effect = "Allow"
@@ -25,7 +25,7 @@ data "aws_iam_policy_document" "ebs_decryption" {
    resources = ["*"]
  }

-  // required for EKS
+  # Required for EKS
  statement {
    sid    = "Allow service-linked role use of the CMK"
    effect = "Allow"
@@ -33,8 +33,8 @@ data "aws_iam_policy_document" "ebs_decryption" {
    principals {
      type = "AWS"
      identifiers = [
-        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling", // required for the ASG to manage encrypted volumes for nodes
-        module.eks.cluster_iam_role_arn,                                                                                                            // required for the cluster / persistentvolume-controller to create encrypted PVCs
+        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling", # required for the ASG to manage encrypted volumes for nodes
+        module.eks.cluster_iam_role_arn,                                                                                                            # required for the cluster / persistentvolume-controller to create encrypted PVCs
      ]
    }

@@ -56,8 +56,8 @@ data "aws_iam_policy_document" "ebs_decryption" {
    principals {
      type = "AWS"
      identifiers = [
-        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling", // required for the ASG to manage encrypted volumes for nodes
-        module.eks.cluster_iam_role_arn,                                                                                                            // required for the cluster / persistentvolume-controller to create encrypted PVCs
+        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling", # required for the ASG to manage encrypted volumes for nodes
+        module.eks.cluster_iam_role_arn,                                                                                                            # required for the cluster / persistentvolume-controller to create encrypted PVCs
      ]
    }

--- a/examples/launch_templates_with_managed_node_groups/launchtemplate.tf
+++ b/examples/launch_templates_with_managed_node_groups/launchtemplate.tf
@@ -11,12 +11,12 @@ data "template_file" "launch_template_userdata" {
  }
 }

-// this is based on the LT that EKS would create if no custom one is specified (aws ec2 describe-launch-template-versions --launch-template-id xxx)
-// there are several more options one could set but you probably dont need to modify them
-// you can take the default and add your custom AMI and/or custom tags
-//
-// Trivia: AWS transparently creates a copy of your LaunchTemplate and actually uses that copy then for the node group. If you DONT use a custom AMI, 
-// then the default user-data for bootstrapping a cluster is merged in the copy. 
+# This is based on the LT that EKS would create if no custom one is specified (aws ec2 describe-launch-template-versions --launch-template-id xxx)
+# there are several more options one could set but you probably dont need to modify them
+# you can take the default and add your custom AMI and/or custom tags
+#
+# Trivia: AWS transparently creates a copy of your LaunchTemplate and actually uses that copy then for the node group. If you DONT use a custom AMI,
+# then the default user-data for bootstrapping a cluster is merged in the copy.
 resource "aws_launch_template" "default" {
  name_prefix            = "eks-example-"
  description            = "Default Launch-Template"
@@ -29,10 +29,11 @@ resource "aws_launch_template" "default" {
      volume_size           = 100
      volume_type           = "gp2"
      delete_on_termination = true
-      //encrypted             = true
-      // enable this if you want to encrypt your node root volumes with a KMS/CMK. encryption of PVCs is handled via k8s StorageClass tho
-      // you also need to attach data.aws_iam_policy_document.ebs_decryption.json from the disk_encryption_policy.tf to the KMS/CMK key then !!
-      //kms_key_id            = var.kms_key_arn 
+      # encrypted             = true
+
+      # Enable this if you want to encrypt your node root volumes with a KMS/CMK. encryption of PVCs is handled via k8s StorageClass tho
+      # you also need to attach data.aws_iam_policy_document.ebs_decryption.json from the disk_encryption_policy.tf to the KMS/CMK key then !!
+      # kms_key_id            = var.kms_key_arn
    }
  }

@@ -48,19 +49,20 @@ resource "aws_launch_template" "default" {
    security_groups             = [module.eks.worker_security_group_id]
  }

-  //image_id      = var.ami_id // if you want to use a custom AMI
+  # if you want to use a custom AMI
+  # image_id      = var.ami_id

-  // if you use a custom AMI, you need to supply via user-data, the bootstrap script as EKS DOESNT merge its managed user-data then
-  // you can add more than the minimum code you see in the template, e.g. install SSM agent, see https://github.com/aws/containers-roadmap/issues/593#issuecomment-577181345
-  //
-  // (optionally you can use https://registry.terraform.io/providers/hashicorp/cloudinit/latest/docs/data-sources/cloudinit_config to render the script, example: https://github.com/terraform-aws-modules/terraform-aws-eks/pull/997#issuecomment-705286151)
+  # If you use a custom AMI, you need to supply via user-data, the bootstrap script as EKS DOESNT merge its managed user-data then
+  # you can add more than the minimum code you see in the template, e.g. install SSM agent, see https://github.com/aws/containers-roadmap/issues/593#issuecomment-577181345
+  #
+  # (optionally you can use https://registry.terraform.io/providers/hashicorp/cloudinit/latest/docs/data-sources/cloudinit_config to render the script, example: https://github.com/terraform-aws-modules/terraform-aws-eks/pull/997#issuecomment-705286151)

-  // user_data = base64encode(
-  //   data.template_file.launch_template_userdata.rendered,
-  // )
+  # user_data = base64encode(
+  #   data.template_file.launch_template_userdata.rendered,
+  # )


-  // supplying custom tags to EKS instances is another use-case for LaunchTemplates
+  # Supplying custom tags to EKS instances is another use-case for LaunchTemplates
  tag_specifications {
    resource_type = "instance"

@@ -69,7 +71,7 @@ resource "aws_launch_template" "default" {
    }
  }

-  // supplying custom tags to EKS instances root volumes is another use-case for LaunchTemplates. (doesnt add tags to dynamically provisioned volumes via PVC tho)
+  # Supplying custom tags to EKS instances root volumes is another use-case for LaunchTemplates. (doesnt add tags to dynamically provisioned volumes via PVC tho)
  tag_specifications {
    resource_type = "volume"

@@ -78,7 +80,7 @@ resource "aws_launch_template" "default" {
    }
  }

-  // tag the LT itself
+  # Tag the LT itself
  tags = {
    CustomTag = "EKS example"
  }
--- a/examples/launch_templates_with_managed_node_groups/main.tf
+++ b/examples/launch_templates_with_managed_node_groups/main.tf
@@ -65,7 +65,7 @@ module "vpc" {
  enable_dns_hostnames = true

  private_subnet_tags = {
-    "kubernetes.io/cluster/${local.cluster_name}" = "shared" // EKS adds this and TF would want to remove then later
+    "kubernetes.io/cluster/${local.cluster_name}" = "shared" # EKS adds this and TF would want to remove then later
  }
 }

--- a/examples/launch_templates_with_managed_node_groups/variables.tf
+++ b/examples/launch_templates_with_managed_node_groups/variables.tf
@@ -3,7 +3,8 @@ variable "region" {
 }

 variable "instance_type" {
-  default = "t3.small" // smallest recommended, where ~1.1Gb of 2Gb memory is available for the Kubernetes pods after ‘warming up’ Docker, Kubelet, and OS
+  # Smallest recommended, where ~1.1Gb of 2Gb memory is available for the Kubernetes pods after ‘warming up’ Docker, Kubelet, and OS
+  default = "t3.small"
  type    = string
 }