add networking examples: placement + mcs

examples/fleet/README.md

@@ -4,6 +4,7 @@ This directory contains a number of examples of how to deploy applications to mu
 
 ## Examples
 
-| Name | Description | Notable Features Used | Complexity Level|
-------------------------------------|------------------------|-------------------------------------------------------------| ------------ |
-| [HelloWorld](helloworld/) | Hello World app | Resource Placement: Deployment, Service | Beginner |
+| Name | Description | Notable Features Used | Complexity Level |
+---------------------------|-----------------|---------------------------------------------------------------------------------|------------------|
+| [HelloWorld](helloworld/) | Hello World app | Resource Placement: Deployment, Service | Beginner |
+| [Kuard](kuard/) | Kuard app | Resource Placement: Deployment, Service, Service Export, Multi-Cluster Service | Intermediate |

examples/fleet/helloworld/README.md

@@ -122,7 +122,7 @@ The application is from https://kubernetes.io/docs/tutorials/stateless-applicati
  
  The output is similar to:
 
- ```coonsole
+ ```console
  NAME READY STATUS RESTARTS AGE
  pod/hello-world-6755976cfc-8qhht 1/1 Running 0 15m
  pod/hello-world-6755976cfc-c5p5j 1/1 Running 0 15m

examples/fleet/kuard/README.md

@@ -0,0 +1,184 @@
+# Example: Exporting service using Fleet resource placement
+
+This directory contains the instructions on how to export services using Fleet resource placement and setup Layer 4 load balancing across workloads deployed across fleet member clusters.
+
+The application is using [kuard](https://github.com/kubernetes-up-and-running/kuard) as the service to demonstrate the responding cluster/pod.
+
+## Before you begin
+* Install [kubectl](https://kubernetes.io/docs/tasks/tools/).
+* Create a fleet with three members: `aks-member-1`, `aks-member-2`, and `aks-member-3` using [Azure CNI networking](https://review.learn.microsoft.com/en-us/azure/aks/configure-azure-cni).
+* Member clusters reside on the same virtual network, or [peered virtual networks](https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview) such that pods from different clusters can communicate directly with each other using pod IPs.
+* Configure kubectl to communicate with your hub cluster.
+* Get `kubeconfig` files for member clusters as `member1`, `member2`, and `member3`.
+
+## Objectives
+* Deploy a Kuard demo application with an internal load balancer service and export the service in the hub cluster.
+* Place the resources (deployment, service, service export) to member clusters.
+* Expose fleet-wide endpoints from exported services with a multi-cluster service.
+
+## Steps
+
+### 1. Deploy to the Hub Cluster
+
+1. Switch to the hub cluster context to create namespace:
+
+ ```shell
+ kubectl create namespace kuard-demo
+ ```
+
+2. Deploy a Kuard demo application with an internal load balancer service and export the service.
+
+ ```shell
+ kubectl apply -f https://raw.githubusercontent.com/Azure/AKS/master/examples/fleet/kuard/kuard-export-service.yaml
+ ```
+
+3. Verify the application is deployed but not running:
+
+ ```shell
+ kubectl get all -n kuard-demo
+ ```
+
+ The output is similar to:
+
+ ```console
+ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+ service/kuard LoadBalancer 10.0.72.28 <pending> 8080:32629/TCP 23s
+
+ NAME READY UP-TO-DATE AVAILABLE AGE
+ deployment.apps/kuard 0/2 0 0 25s
+ ```
+ Note that the deployment does not result in any pod created on the hub cluster (`READY: 0/2`) and the service doesn't have an external IP (`EXTERNAL-IP: <pending>`).
+ This is working as expected as the objective is to deploy the application to member clusters not the hub cluster.
+
+4. Verify the service export is created but not running:
+ ```shell
+ kubectl get serviceexport -n kuard-demo
+ ```
+
+ The output is similar to:
+
+ ```console
+ NAME IS-VALID IS-CONFLICTED AGE
+ kuard 2m53s
+ ```
+ Note that the `IS-VALID` and `IS-CONFLICTED` is empty. 
+ This is working as expected as the objective is to deploy the service export to member clusters not the hub cluster.
+
+### 2. Place to Member Clusters
+
+1. Place to all the member clusters
+
+ ```shell
+ kubectl apply -f https://raw.githubusercontent.com/Azure/AKS/master/examples/fleet/kuard/kuard-crp.yaml
+ ```
+ 
+2. Verify the placement status:
+
+ ```shell
+ kubectl get crp kuard -o yaml | grep status -A 1000
+ ```
+
+ The output is similar to:
+
+ ```yaml
+ status:
+ conditions:
+ - lastTransitionTime: "2022-09-20T06:31:57Z"
+ message: Successfully scheduled resources for placement
+ observedGeneration: 1
+ reason: ScheduleSucceeded
+ status: "True"
+ type: Scheduled
+ - lastTransitionTime: "2022-09-20T06:31:58Z"
+ message: Successfully applied resources to member clusters
+ observedGeneration: 1
+ reason: ApplySucceeded
+ status: "True"
+ type: Applied
+ selectedResources:
+ - group: networking.fleet.azure.com
+ kind: ServiceExport
+ name: kuard
+ namespace: kuard-demo
+ version: v1
+ - kind: Service
+ name: kuard
+ namespace: kuard-demo
+ version: v1
+ - kind: Namespace
+ name: kuard-demo
+ version: v1
+ targetClusters:
+ - aks-member-3
+ - aks-member-2
+ - aks-member-1
+ ```
+ 
+ All the resources under namespace `kuard-demo` (including the namespace) are selected and placed to all the member clusters.
+
+3. Switch to the member clusters to verify the resource has been created:
+
+ ```shell
+ KUBECONFIG=member1 kubectl get all -n kuard-demo
+ KUBECONFIG=member2 kubectl get all -n kuard-demo
+ KUBECONFIG=member3 kubectl get all -n kuard-demo
+ ```
+
+ The output is similar to:
+
+ ```console
+ NAME READY STATUS RESTARTS AGE 
+ pod/kuard-7788d9bc5-bp8qw 1/1 Running 0 13m 
+ pod/kuard-7788d9bc5-tp54d 1/1 Running 0 13m
+
+ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+ service/kuard LoadBalancer 10.0.188.8 10.2.0.62 8080:32629/TCP 13m
+
+ NAME READY UP-TO-DATE AVAILABLE AGE 
+ deployment.apps/kuard 2/2 2 2 13m
+
+ NAME DESIRED CURRENT READY AGE 
+ replicaset.apps/kuard-7788d9bc5 2 2 2 13m
+ ```
+4. Switch to the member clusters to verify the service export has been created:
+ 
+ ```shell
+ kubectl get serviceexport -n kuard-demo
+ ```
+
+ The output is similar to:
+ ```console
+ NAME IS-VALID IS-CONFLICTED AGE
+ kuard True False 13m
+ ```
+ The service is valid for export (`IS-VALID` field is true) and has no conflicts with other exports (`IS-CONFLICT` is false).
+
+### 3. Expose fleet-wide endpoints from exported services with a multi-cluster service
+
+1. Switch to `aks-member-1` context to create a multi-cluster service. The endpoints will then be exposed with a L4 load balancer using `aks-member-1` nodes.
+
+ ```shell
+ kubectl apply -f https://raw.githubusercontent.com/Azure/AKS/master/examples/fleet/kuard/kuard-mcs.yaml
+ ```
+2. Verify the mutli-cluster service is valid:
+
+ ```shell
+ kubectl get mcs -n kuard-demo
+ ```
+
+ The output is similar to:
+
+ ```console
+ NAME SERVICE-IMPORT EXTERNAL-IP IS-VALID AGE
+ kuard kuard 20.253.64.1 True 26s
+ ```
+3. Access the running service:
+
+ ```shell
+ curl 20.253.64.1:8080
+ ```
+ Or access the https://20.253.64.1:8080 in the browser.
+
+ The request will randomly hit different pods.
+
+Congratulations, you have created your first multi-cluster service using Fleet resource placement.

examples/fleet/kuard/kuard-crp.yaml

@@ -0,0 +1,12 @@
+apiVersion: fleet.azure.com/v1alpha1
+kind: ClusterResourcePlacement
+metadata:
+ name: kuard
+spec:
+ resourceSelectors:
+ - group: ""
+ version: v1
+ kind: Namespace
+ name: kuard-demo
+ # If policy is unspecified, deploy to all the member clusters by default.
+ policy:

examples/fleet/kuard/kuard-export-service.yaml

@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kuard
+ namespace: kuard-demo
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: kuard
+ template:
+ metadata:
+ labels:
+ app: kuard
+ spec:
+ containers:
+ - name: kuard
+ image: gcr.io/kuar-demo/kuard-amd64:blue
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ cpu: 250m
+ memory: 256Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kuard
+ namespace: kuard-demo
+ labels:
+ app: kuard
+ annotations:
+ service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+spec:
+ type: LoadBalancer
+ ports:
+ - port: 8080
+ selector:
+ app: kuard
+---
+apiVersion: networking.fleet.azure.com/v1alpha1
+kind: ServiceExport
+metadata:
+ name: kuard
+ namespace: kuard-demo

examples/fleet/kuard/kuard-mcs.yaml

@@ -0,0 +1,8 @@
+apiVersion: networking.fleet.azure.com/v1alpha1
+kind: MultiClusterService
+metadata:
+ name: kuard
+ namespace: kuard-demo
+spec:
+ serviceImport:
+ name: kuard