aws · zijun726911 · Nov 23, 2023 · Nov 16, 2023 · Nov 16, 2023 · Nov 17, 2023
diff --git a/docs/guides/multi-cluster.md b/docs/guides/multi-cluster.md
@@ -0,0 +1,44 @@
+# Recommended Multi-Cluster Architecture
+
+Here is a recommended multi-cluster architecture if you'd like to setup kubernetes service-to-service communications across multiple clusters.
+
+Suppose your organization would like to have one "service mesh" that spans many clusters in one aws account, this service mesh should include the following components:
+- One manually created VPC Lattice service network, (it could create by either AWS Console, CLI, CloudFormation, Terraform or any other tools)
+- Create `VpcServiceNetworkAssociations` between VPC Lattice service network and each config cluster's VPC and workload clusters' VPCs
+- Multiple workload cluster(s), that are used to run application workload(s). workload cluster(s) should only have following workloads related kubernetes objects:
+  - Multiple application workload(s) (Pods, Deployments etc.)
+  - Multiple `Service(s)` for application workload(s)
+  - Multiple `ServiceExport(s)`, that export kubernetes application Service(s) to the "config cluster"
+- One extra dedicated "config cluster", which is act as a "service mesh control plane" and it should include following kubernetes objects:
+  - One `Gateway` that has __same name__ as the manually created VPC Lattice service network name
+  - Multiple `ServiceImport(s)`, that reference to kubernetes application services that export from workload cluster(s)
+  - Multiple `HTTPRoute(s)`,`GRPCRoute(s)`, that have rules backendRefs to `ServiceImport(s)` that referring kubernetes application service(s) in workload cluster(s)
+
+
+You can see this similar production use case at Airbnb: [airbnb mullti-cluster setup](https://www.youtube.com/watch?v=1D8lg36ZNHs)
+
+![config cluster and multiple workload clusters](../images/multi-cluster.png)
+
+Following steps will show you how to set up this recommended multi-cluster architecture with 1 config cluster and 2 workload clusters.
+1. Create 3 k8s clusters: `config cluster`, `workload cluster-1`, `workload cluster-2`. Install aws gateway api controller in each cluster, you could follow this instruction [deploy.md](deploy.md)
+1. Create a VPC Lattice `ServiceNetwork` with name `my-gateway`
+1. Create `VPCServiceNetworkAssociation(s)` between previous step created service network and each config cluster's VPC and workload clusters' VPCs
+1. Setup following resource in the workload cluster1:
+    ```
+    kubectl apply -f examples/service-1.yaml
+    kubectl apply -f examples/service-1-export.yaml
+    ```
+1. Setup following resource in the workload cluster2:
+    ```
+    kubectl apply -f examples/service-2.yaml
+    kubectl apply -f examples/service-2-export.yaml
+    ```
+1. Setup following resource in the config cluster:
+    ```
+    kubectl apply -f examples/my-gateway.yaml
+    kubectl apply -f examples/my-httproute.yaml
+    kubectl apply -f examples/service-1-import.yaml
+    kubectl apply -f examples/service-2-import.yaml
+    ```
+1. At this point, the connectivity setup finished, pods in workload cluster1 are able to communicate with `service-2` in workload cluster2 (and vice versa) via the `my-httproute` dns name.
+1. Furthermore, you could have more workloads clusters to join the `my-gateway` service network by creating the `ServiceNewtorkAssociation(s)`, they will all be able to communicate with `service-1` and `service-2` via the `my-httproute` dns name and path matching.
diff --git a/docs/guides/multi-sn.md b/docs/guides/multi-sn.md
diff --git a/docs/images/GatewayUserGuideFigures.pptx b/docs/images/GatewayUserGuideFigures.pptx
diff --git a/docs/images/multi-cluster.png b/docs/images/multi-cluster.png
diff --git a/docs/images/multi-sn.png b/docs/images/multi-sn.png
diff --git a/examples/my-gateway.yaml b/examples/my-gateway.yaml
@@ -0,0 +1,10 @@
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: Gateway
+metadata:
+  name: my-gateway
+spec:
+  gatewayClassName: amazon-vpc-lattice
+  listeners:
+  - name: http
+    protocol: HTTP
+    port: 80
diff --git a/examples/my-httproute.yaml b/examples/my-httproute.yaml
@@ -0,0 +1,23 @@
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: HTTPRoute
+metadata:
+  name: my-httproute
+spec:
+  parentRefs:
+  - name: my-hotel
+    sectionName: http
+  rules:
+  - backendRefs:
+    - name: service-1
+      kind: ServiceImport
+    matches:
+    - path:
+        type: PathPrefix
+        value: /service-1
+  - backendRefs:
+    - name: service-2
+      kind: ServiceImport
+    matches:
+    - path:
+        type: PathPrefix
+        value: /service-2
diff --git a/examples/service-1-export.yaml b/examples/service-1-export.yaml
@@ -0,0 +1,6 @@
+apiVersion: application-networking.k8s.aws/v1alpha1
+kind: ServiceExport
+metadata:
+  name: service-1
+  annotations:
+    application-networking.k8s.aws/federation: "amazon-vpc-lattice"
diff --git a/examples/service-1-import.yaml b/examples/service-1-import.yaml
@@ -0,0 +1,9 @@
+apiVersion: application-networking.k8s.aws/v1alpha1
+kind: ServiceImport
+metadata:
+  name: service-1
+spec:
+  type: ClusterSetIP
+  ports:
+  - port: 80
+    protocol: TCP
diff --git a/examples/service-1.yaml b/examples/service-1.yaml
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: service-1
+  labels:
+    app: service-1
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: service-1
+  template:
+    metadata:
+      labels:
+        app: service-1
+    spec:
+      containers:
+      - name: service-1
+        image: public.ecr.aws/x2j8p8w7/http-server:latest
+        env:
+        - name: PodName
+          value: "service-1 handler pod"
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: service-1
+spec:
+  selector:
+    app: service-1
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8090
diff --git a/examples/service-2-export.yaml b/examples/service-2-export.yaml
@@ -0,0 +1,6 @@
+apiVersion: application-networking.k8s.aws/v1alpha1
+kind: ServiceExport
+metadata:
+  name: service-2
+  annotations:
+    application-networking.k8s.aws/federation: "amazon-vpc-lattice"
diff --git a/examples/service-2-import.yaml b/examples/service-2-import.yaml
@@ -0,0 +1,9 @@
+apiVersion: application-networking.k8s.aws/v1alpha1
+kind: ServiceImport
+metadata:
+  name: service-2
+spec:
+  type: ClusterSetIP
+  ports:
+  - port: 80
+    protocol: TCP
diff --git a/examples/service-2.yaml b/examples/service-2.yaml
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: service-2
+  labels:
+    app: service-2
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: service-2
+  template:
+    metadata:
+      labels:
+        app: service-2
+    spec:
+      containers:
+      - name: service-2
+        image: public.ecr.aws/x2j8p8w7/http-server:latest
+        env:
+        - name: PodName
+          value: "service-2 handler pod"
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: service-2
+spec:
+  selector:
+    app: service-2
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8090