Add an MCI Recipes with FrontendConfig for HTTP to HTTPS Redirect and SSL Policy

CONTRIBUTING.md

@@ -16,22 +16,22 @@ The goal for GKE Networking Recipes is to provide a bite-sized, easy to consume,
 - There should be clear ownership of a recipe. Each recipe has one owner. If you contributed it then you own it until someone else has agreed to be the owner. If functionality changes and your recipe is no longer valid or no longer makes sense, it is your responsibility to update over time.
 - Each recipe should be listed as a bullet point with a brief description on the [primary README page](./README.md).
 
-
 ### README guidelines
+
 Each recipe's README should consist of the following sections. In general the README should be concise and should not try to replicate the docs or be a solutions guide. Keep it bite sized.
 
 - Summary
-	- A brief description of what this recipe accomplishes
-	- Any references to specific GKE features or GCP load balancers should be appropriately linked
-	- The use-cases that this recipe accomplishes should be listed
-	- A diagram [of this format](https://docs.google.com/presentation/d/1Wngda7LN4GcMpASvdnG-laLUDOt3hzmPeUuVvMdSXA0/edit?usp=sharing) should be used to describe the networking flow, example, or architecture wherever it makes sense. Images should go into the [`/images`](./images) folder.
+  - A brief description of what this recipe accomplishes
+    - Any references to specific GKE features or GCP load balancers should be appropriately linked
+    - The use-cases that this recipe accomplishes should be listed
+    - A diagram [of this format](https://docs.google.com/presentation/d/1Wngda7LN4GcMpASvdnG-laLUDOt3hzmPeUuVvMdSXA0/edit?usp=sharing) should be used to describe the networking flow, example, or architecture wherever it makes sense. Images should go into the [`/images`](./images) folder.
 - Network manifests
-	- This section describes the primary capabilities and configuration format for the features that are highlighted in this recipe
-	- This section should only focus on the networking-related manifests but not show or describe all the manifests (such as app deployment)
+  - This section describes the primary capabilities and configuration format for the features that are highlighted in this recipe
+  - This section should only focus on the networking-related manifests but not show or describe all the manifests (such as app deployment)
 - Try it out
-	- This section should describe in a few steps how to deploy the networking manifests to achieve the use-case
-	- Do not try and recreate an entire tutorial. Try to demonstrate this in as few steps as necessary and put most of the description and detail in the Network Manifests section
-	- Demonstrate that the use-case works and display the output that validates it (whether that be a succesful ping or a specific expected response)
+  - This section should describe in a few steps how to deploy the networking manifests to achieve the use-case
+  - Do not try and recreate an entire tutorial. Try to demonstrate this in as few steps as necessary and put most of the description and detail in the Network Manifests section
+  - Demonstrate that the use-case works and display the output that validates it (whether that be a succesful ping or a specific expected response)
 - Summary
   - Use this section if it's necessary to add closing comments or add any detail to the example for explanation.
 - Cleanup
@@ -51,8 +51,6 @@ Each recipe's README should consist of the following sections. In general the RE
 | [Multi-Cluster Ingress Blue-Green App Migration](/multi-cluster-blue-green-app)  |   |
 | [Multi-Cluster Ingress Blue-Green Cluster Migration](/multi-cluster-blue-green-cluster)  |   |
 
-
-
 ## Contributor License Agreement
 
 Contributions to this project must be accompanied by a Contributor License

cluster-setup.md

@@ -1,120 +1,143 @@
-## Set up environment variable
+# Set up environment variable
 
 This will be referenced in upcoming command line examples.
 
 ```bash
-$ export PROJECT=$(gcloud config get-value project) # or your preferred project
+  export PROJECT=$(gcloud config get-value project) # or your preferred project
 ```
 
-
 ## Single-cluster environment
 
 The single-cluster examples use the following GKE setup for deploying the manifests.
 
 ```bash
-$ gcloud container clusters create gke-1 \
-	--zone us-west1-a \
-	--enable-ip-alias \
-  	--release-channel rapid 
+  gcloud container clusters create gke-1 \
+    --zone us-west1-a \
+    --enable-ip-alias \
+      --release-channel rapid 
 ```
 
+## Multi-cluster environment basic
 
-## Multi-cluster environment (basic)
-
-The multi-cluster examples use the following GKE setup for deploying the manifests. If you've already created `gke-1` in the [single-cluster section](#), you can reuse that cluster.
+The multi-cluster examples use the following GKE setup for deploying the manifests. If you've already created `gke-1` in the [single Cluster Section](#single-cluster-environment), you can reuse that cluster.
 
 1. Deploy two GKE clusters within your Google Cloud project.
 
     ```bash
-    $ gcloud container clusters create gke-1 \
-      --zone us-west1-a \
+    gcloud container clusters create gke-1 \
+      --zone ${GKE1_ZONE} \
       --enable-ip-alias \
       --release-channel rapid \
-      --workload-pool=${PROJECT}.svc.id.goog
+      --workload-pool=${PROJECT}.svc.id.goog --async
 
-    $ gcloud container clusters create gke-2 \
-      --zone us-east1-b \
+    gcloud container clusters create gke-2 \
+      --zone ${GKE2_ZONE} \
       --enable-ip-alias \
       --release-channel rapid \
-      --workload-pool=${PROJECT}.svc.id.goog
+      --workload-pool=${PROJECT}.svc.id.goog --async
     ```
 
-2. Rename contexts
+    Clusters creation takes around 5 min to complete
 
-    The prior step will have added credentials for your new clusters to your `kubeconfig`, but let's rename the contexts to something a little shorter:
+2. Get the clusters credentials
 
     ```bash
+    gcloud container clusters get-credentials gke-1 --zone $GKE1_ZONE
+    gcloud container clusters get-credentials gke-2 --zone $GKE2_ZONE
+    ```
+
+3. Rename contexts
+
+    The prior step will have added credentials for your new clusters to your `kubeconfig`, but let's rename the contexts to something a little shorter:
 
-    $ kubectl config rename-context gke_${PROJECT}_us-west1-a_gke-1 gke-1
+    ```bash
+    kubectl config rename-context gke_${PROJECT}_${GKE1_ZONE}_gke-1 gke-1
 
-    $ kubectl config rename-context gke_${PROJECT}_us-east1-b_gke-2 gke-2
+    kubectl config rename-context gke_${PROJECT}_${GKE2_ZONE}_gke-2 gke-2
     ```
 
-3. Enable the Hub, Anthos, and MultiClusterIngress APIs for your GCP project as described [here](https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-for-anthos-setup#before_you_begin).
+4. Enable the Hub, Anthos, and MultiClusterIngress APIs for your GCP project as described [here](https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-for-anthos-setup#before_you_begin).
 
     ```bash
+    gcloud services enable gkehub.googleapis.com
 
-    $ gcloud services enable gkehub.googleapis.com
-
-    $ gcloud services enable anthos.googleapis.com
+    gcloud services enable anthos.googleapis.com
 
-    $ gcloud services enable multiclusteringress.googleapis.com
+    gcloud services enable multiclusteringress.googleapis.com
     ```
 
-4. [Register](https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-for-anthos-setup#registering_your_clusters) your two clusters (`gke-1` and `gke-2`). 
+5. [Register](https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-for-anthos-setup#registering_your_clusters) your two clusters (`gke-1` and `gke-2`).
 
-    There are a few steps to complete as part of the registration process. A quick hint to get you going is the `gke-uri` for your GKE clusters. 
+    There are a few steps to complete as part of the registration process. A quick hint to get you going is the `gke-uri` for your GKE clusters.
 
-    You can find the URI for each cluster via the following command:
+    Register the clusters with Hub.
 
     ```bash
-    $ gcloud container clusters list --uri
+    gcloud container hub memberships register gke-1 \
+      --gke-cluster ${GKE1_ZONE}/gke-1 \
+      --enable-workload-identity
+
+     gcloud container hub memberships register gke-2 \
+      --gke-cluster ${GKE2_ZONE}/gke-2 \
+      --enable-workload-identity
     ```
 
-    Confirm that they are registered with Hub.
+    Confirm that they are registered with Hub. Your EXTERNAL_ID values might be different.
 
-    ```
-    $ gcloud container hub memberships list
-    NAME   EXTERNAL_ID
-    gke-1  50468ae8-29a3-4ea1-b7ff-0e216533619a
-    gke-2  6c2704d2-e499-465d-99d6-3ca1f3d8170b
+    ```bash
+       gcloud container hub memberships list
+
+       NAME   EXTERNAL_ID
+       gke-1  50468ae8-29a3-4ea1-b7ff-0e216533619a
+       gke-2  6c2704d2-e499-465d-99d6-3ca1f3d8170b
     ```
 
-5. Now enable Multi-cluster Ingress and specify `gke-1` as your config cluster.
+6. Now enable Multi-cluster Ingress and specify `gke-1` as your config cluster.
 
     ```bash
-    $ gcloud alpha container hub ingress enable \
+    gcloud container hub ingress enable \
       --config-membership=projects/${PROJECT}/locations/global/memberships/gke-1
     ```
 
-6. Confirm that MCI is configured properly.
+7. Confirm that MCI is configured properly.
 
     ```bash
-    $ gcloud alpha container hub ingress describe
-    createTime: '2020-08-16T05:15:32.127012063Z'
-    featureState:
-      details:
+    gcloud container hub ingress describe
+
+    createTime: '2021-01-14T09:09:57.475070502Z'
+    membershipStates:
+      projects/349736299228/locations/global/memberships/gke-1:
+        state:
+          code: OK
+          updateTime: '2021-10-27T15:10:44.499214418Z'
+      projects/349736299228/locations/global/memberships/gke-2:
+        state:
+          code: OK
+          updateTime: '2021-10-27T15:10:44.499215578Z'
+    name: projects/gke-net-recipes/locations/global/features/multiclusteringress
+    resourceState:
+      state: ACTIVE
+    spec:
+      multiclusteringress:
+        configMembership: projects/gke-net-recipes/locations/global/memberships/gke-1
+    state:
+      state:
         code: OK
         description: Ready to use
-      detailsByMembership:
-        projects/1050705688268/locations/global/memberships/gke-1:
-          code: OK
-      hasResources: true
-      lifecycleState: ENABLED
-    multiclusteringressFeatureSpec:
-      configMembership: projects/alexmattson-ifa-081520-0404/locations/global/memberships/i4a-us-central1-01
-    name: projects/alexmattson-ifa-081520-0404/locations/global/features/multiclusteringress
-    updateTime: '2020-08-16T05:15:33.464612511Z'
+        updateTime: '2021-10-27T15:09:33.451139409Z'
+    updateTime: '2021-01-14T09:09:59.186872460Z'
     ```
-
-## Multi-cluster environment (blue-green cluster)
+
+8. At this stage your clusters for MCI are ready, you can return to the tutorial you started with.
+
+## Multi-cluster environment blue/green
 
 To implement the `multi-cluster-blue-green-cluster` pattern, we need another GKE cluster in the same region as `gke-1`. This section builds on the [previous section](#multi-cluster-environment-basic), and assumes you still have those clusters up and running.
 
 1. Deploy another GKE cluster to the `us-west1` region (same region as `gke-1`, but a different zone)
 
     ```bash
-    $ gcloud container clusters create gke-3 \
+    gcloud container clusters create gke-3 \
       --zone us-west1-b \
       --enable-ip-alias \
       --release-channel rapid
@@ -123,26 +146,27 @@ To implement the `multi-cluster-blue-green-cluster` pattern, we need another GKE
 2. Rename context
 
     ```bash
-    $ kubectl config rename-context gke_${PROJECT}_us-west1-b_gke-3 gke-3
+       kubectl config rename-context gke_${PROJECT}_us-west1-b_gke-3 gke-3
     ```
 
 3. [Register](https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-for-anthos-setup#registering_your_clusters) `gke-3`, following the same steps used previously.
 
     Again, figuring out the `gke-uri` of a given cluster can be tricky, so use:
 
     ```bash
-    $ gcloud container clusters list --uri
+       gcloud container clusters list --uri
     ```
 
     Confirm registration of your clusters.
-    ```
-    $ gcloud container hub memberships list
-    NAME   EXTERNAL_ID
-    gke-3  8187e1cd-35e8-41e1-b204-8ac5c7c7a240
-    gke-2  47081e57-c326-4fa0-b808-7a7652863d32
-    gke-1  90eeb089-cd16-4281-85ce-e724953249dc
-    ```
 
+    ```bash
+      gcloud container hub memberships list
+
+      NAME   EXTERNAL_ID
+      gke-3  8187e1cd-35e8-41e1-b204-8ac5c7c7a240
+      gke-2  47081e57-c326-4fa0-b808-7a7652863d32
+      gke-1  90eeb089-cd16-4281-85ce-e724953249dc
+    ```
 
 ## Multi-cluster environment (multi-cluster-services)
 
@@ -151,32 +175,31 @@ In order to use Multi-cluster services, following steps need to be completed to
 1. Enable the CloudDNS, Traffic Director, MultiClusterServiceDiscovery APIs for your GCP project as described [here](https://cloud.google.com/kubernetes-engine/docs/how-to/multi-cluster-services#before_you_begin).
 
     ```bash
+      gcloud services enable dns.googleapis.com
 
-    $ gcloud services enable dns.googleapis.com
-
-    $ gcloud services enable trafficdirector.googleapis.com
+      gcloud services enable trafficdirector.googleapis.com
 
-    $ gcloud services enable cloudresourcemanager.googleapis.com
+      gcloud services enable cloudresourcemanager.googleapis.com
 
-    $ gcloud services enable multiclusterservicediscovery.googleapis.com
+      gcloud services enable multiclusterservicediscovery.googleapis.com
     ```
 
 2. Now enable Multi-cluster Services.
 
     ```bash
-    $ gcloud alpha container hub multi-cluster-services enable
+       gcloud alpha container hub multi-cluster-services enable
     ```
 
 3. Confirm that MCS is configured properly.
 
     ```bash
-    $gcloud alpha container hub multi-cluster-services describe
+       gcloud alpha container hub multi-cluster-services describe
     ```
 
 4. Grant required Identity to MCS Importer.
 
     ```bash
-    $gcloud projects add-iam-policy-binding ${PROJECT} \
-     --member "serviceAccount:${PROJECT}.svc.id.goog[gke-mcs/gke-mcs-importer]" \
-     --role "roles/compute.networkViewer"
+       gcloud projects add-iam-policy-binding ${PROJECT} \
+        --member "serviceAccount:${PROJECT}.svc.id.goog[gke-mcs/gke-mcs-importer]" \
+        --role "roles/compute.networkViewer"
     ```