docs: add getting started tutorial (#94)

Author: michaelawyu

.gitignore

@@ -31,4 +31,7 @@ coverage.xml
 *.swo
 *~
 
+# Python virtualenv
+examples/getting-started/app/env
+
 .vscode/

charts/mcs-controller-manager/README.md

@@ -47,4 +47,4 @@ helm upgrade mcs-controller-manager ./charts/mcs-controller-manager/
 | affinity | The node affinity to use for pod scheduling | `{}` |
 | tolerations | The toleration to use for pod scheduling | `[]` |
 
-## Contributing Changes
+## Contributing Changes

examples/getting-started/README.md

@@ -0,0 +1,10 @@
+FROM python:3
+
+RUN mkdir -p /workplace/app
+ADD main.py /workplace/app
+ADD requirements.txt /workplace/app
+
+WORKDIR /workplace/app
+RUN pip install -r requirements.txt
+
+CMD ["python", "main.py"]

examples/getting-started/app/Dockerfile

@@ -0,0 +1,27 @@
+from flask import Flask, jsonify
+import os
+
+app = Flask(__name__)
+pod_name = "unknown"
+pod_namespace = "unknown"
+cluster_id = os.environ.get("MEMBER_CLUSTER_ID", "unknown")
+
+@app.route("/")
+def hello_world():
+    return jsonify(
+        message="Hello World!",
+        pod_name=pod_name,
+        pod_namespace=pod_namespace,
+        cluster_id=cluster_id
+    )
+
+if __name__ == "__main__":
+    try:
+        with open("/etc/podinfo/name", "rt") as f:
+            pod_name = f.read()
+        with open("/etc/podinfo/namespace", "rt") as f:
+            pod_namespace = f.read()
+    except:
+        pass
+
+    app.run(host="0.0.0.0", port=8080, debug=True)

examples/getting-started/app/main.py

@@ -0,0 +1 @@
+flask>=2.1.3

examples/getting-started/app/requirements.txt

@@ -0,0 +1,62 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: app
+  namespace: work
+  labels:
+    app: hello-world
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: hello-world
+  template:
+    metadata:
+      labels:
+        app: hello-world
+    spec:
+      containers:
+        - name: python
+          image: $REGISTRY/app
+          imagePullPolicy: Always
+          ports:
+          - containerPort: 8080
+          env:
+          - name: MEMBER_CLUSTER_ID
+            valueFrom:
+              configMapKeyRef:
+                name: member-cluster-id
+                key: id
+          resources:
+            requests:
+              cpu: "0.2"
+              memory: "400M"
+            limits:
+              cpu: "0.2"
+              memory: "400M"
+          volumeMounts:
+            - mountPath: /etc/podinfo
+              name: podinfo
+      volumes:
+        - name: podinfo
+          downwardAPI:
+            items:
+              - path: "name"
+                fieldRef:
+                  fieldPath: metadata.name
+              - path: "namespace"
+                fieldRef:
+                  fieldPath: metadata.namespace
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: app
+  namespace: work
+spec:
+  type: LoadBalancer
+  selector:
+    app: hello-world
+  ports:
+  - port: 80
+    targetPort: 8080

examples/getting-started/artifacts/app-svc.yaml

@@ -0,0 +1,87 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: fleet-networking-controller
+  namespace: fleet-member-[YOUR-MEMBER-CLUSTER-1]
+rules:
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - create
+  - get
+  - list
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - get
+  - list
+  - update
+  - watch
+  - patch
+- apiGroups: 
+  - networking.fleet.azure.com
+  resources: ["*"]
+  verbs: ["*"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: fleet-networking-controller
+  namespace: fleet-member-[YOUR-MEMBER-CLUSTER-1]
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: fleet-networking-controller
+subjects:
+  - kind: User
+    name: [YOUR-MEMBER-CLUSTER-1-PRINCIPAL-ID]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: fleet-networking-controller
+  namespace: fleet-member-[YOUR-MEMBER-CLUSTER-2]
+rules:
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - create
+  - get
+  - list
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - get
+  - list
+  - update
+  - watch
+  - patch
+- apiGroups: 
+  - networking.fleet.azure.com
+  resources: ["*"]
+  verbs: ["*"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: fleet-networking-controller
+  namespace: fleet-member-[YOUR-MEMBER-CLUSTER-2]
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: fleet-networking-controller
+subjects:
+  - kind: User
+    name: [YOUR-MEMBER-CLUSTER-2-PRINCIPAL-ID]

examples/getting-started/artifacts/hub-rbac.yaml

@@ -0,0 +1,8 @@
+apiVersion: networking.fleet.azure.com/v1alpha1
+kind: MultiClusterService
+metadata:
+  name: app
+  namespace: work
+spec:
+  serviceImport:
+    name: app

examples/getting-started/artifacts/mcs.yaml

@@ -0,0 +1,5 @@
+apiVersion: networking.fleet.azure.com/v1alpha1
+kind: ServiceExport
+metadata:
+  name: app
+  namespace: work

examples/getting-started/artifacts/svc-export.yaml

@@ -0,0 +1,109 @@
+if [ -z ${SUBSCRIPTION_ID+x} ]; then
+    echo "Subscription ID is not set; to use the script, set the SUBSCRIPTION_ID variable."
+    exit 1
+fi
+
+if [ -z ${RESOURCE_GROUP+x} ]; then
+    echo "Resource group is not set; to use the script, set the RESOURCE_GROUP variable."
+    exit 1
+fi
+
+if [ -z ${LOCATION+x} ]; then
+    echo "Location is not set; to use the script, set the LOCATION variable."
+    exit 1
+fi
+
+if [ -z ${REGISTRY+x} ]; then
+    echo "Registry is not set; to use the script, set the REGISTRY variable."
+    exit 1
+fi
+
+if [[ $REGISTRY == *.azurecr.io ]]; then
+    echo "Registry is set with the full URL; to use the script, update the REGISTRY variable to use the registry name only."
+    exit 1
+fi
+
+echo "Creating the resource group..."
+az group create --name $RESOURCE_GROUP --location $LOCATION
+
+echo "Creating the virtual network..."
+export VNET=fleet
+export HUB_SUBNET=hub
+export MEMBER_1_SUBNET=member-1
+export MEMBER_2_SUBNET=member-2
+
+az network vnet create \
+    --name $VNET \
+    -g $RESOURCE_GROUP \
+    --address-prefixes 10.0.0.0/8
+az network vnet subnet create \
+    --vnet-name $VNET \
+    --name $HUB_SUBNET \
+    -g $RESOURCE_GROUP \
+    --address-prefixes 10.1.0.0/16
+az network vnet subnet create \
+    --vnet-name $VNET \
+    --name $MEMBER_1_SUBNET \
+    -g $RESOURCE_GROUP \
+    --address-prefixes 10.2.0.0/16
+az network vnet subnet create \
+    --vnet-name $VNET \
+    --name $MEMBER_2_SUBNET \
+    -g $RESOURCE_GROUP \
+    --address-prefixes 10.3.0.0/16
+
+echo "Creating the container registry..."
+az acr create -g $RESOURCE_GROUP -n $REGISTRY --sku basic
+sleep 10
+az acr login -n $REGISTRY
+
+echo "Creating the hub cluster..."
+export NODE_COUNT=2
+export HUB_CLUSTER=hub
+az aks create \
+    --location $LOCATION \
+    --resource-group $RESOURCE_GROUP \
+    --name $HUB_CLUSTER \
+    --attach-acr $REGISTRY \
+    --node-count $NODE_COUNT \
+    --generate-ssh-keys \
+    --enable-aad \
+    --enable-azure-rbac \
+    --network-plugin azure \
+    --vnet-subnet-id "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP/providers/Microsoft.Network/virtualNetworks/$VNET/subnets/$HUB_SUBNET" \
+    --yes
+
+echo "Creating the first member cluster..."
+export MEMBER_CLUSTER_1=member-1
+az aks create \
+    --location $LOCATION \
+    --resource-group $RESOURCE_GROUP \
+    --name $MEMBER_CLUSTER_1 \
+    --attach-acr $REGISTRY \
+    --node-count $NODE_COUNT \
+    --generate-ssh-keys \
+    --enable-aad \
+    --enable-azure-rbac \
+    --network-plugin azure \
+    --vnet-subnet-id "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP/providers/Microsoft.Network/virtualNetworks/$VNET/subnets/$MEMBER_1_SUBNET" \
+    --yes
+
+echo "Creating the second member cluster..."
+export MEMBER_CLUSTER_2=member-2
+az aks create \
+    --location $LOCATION \
+    --resource-group $RESOURCE_GROUP \
+    --name $MEMBER_CLUSTER_2 \
+    --attach-acr $REGISTRY \
+    --node-count $NODE_COUNT \
+    --generate-ssh-keys \
+    --enable-aad \
+    --enable-azure-rbac \
+    --network-plugin azure \
+    --vnet-subnet-id "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP/providers/Microsoft.Network/virtualNetworks/$VNET/subnets/$MEMBER_2_SUBNET" \
+    --yes
+
+echo "Retrieving credentials for the Kubernetes clusters..."
+az aks get-credentials --name $HUB_CLUSTER -g $RESOURCE_GROUP --admin
+az aks get-credentials --name $MEMBER_CLUSTER_1 -g $RESOURCE_GROUP --admin
+az aks get-credentials --name $MEMBER_CLUSTER_2 -g $RESOURCE_GROUP --admin