Merge pull request #269372 from schaffererin/aks-fleet-quickstarts

Simplify Fleet Azure CLI quickstart and add portal quickstart

Author: American-Dipper

articles/kubernetes-fleet/access-fleet-kubernetes-api.md

@@ -0,0 +1,110 @@
+---
+title: "Access the Kubernetes API of the Fleet resource"
+description: Learn how to access the Kubernetes API of the Fleet resource.
+ms.topic: how-to
+ms.date: 03/20/2024
+author: shashankbarsin
+ms.author: shasb
+ms.service: kubernetes-fleet
+---
+
+# Access the Kubernetes API of the Fleet resource with Azure Kubernetes Fleet Manager
+
+If your Azure Kubernetes Fleet Manager resource was created with the hub cluster enabled, then it can be used to centrally control scenarios like Kubernetes resource propagation. In this article, you learn how to access the Kubernetes API of the hub cluster managed by the Fleet resource.
+
+## Prerequisites
+
+[!INCLUDE [free trial note](../../includes/quickstarts-free-trial-note.md)]
+
+* You must have a Fleet resource with a hub cluster and member clusters. If you don't have this resource, follow [Quickstart: Create a Fleet resource and join member clusters](quickstart-create-fleet-and-members.md).
+* The identity (user or service principal) you're using needs to have the Microsoft.ContainerService/fleets/listCredentials/action on the Fleet resource.
+
+## Access the Kubernetes API of the Fleet resource cluster
+
+1. Set the following environment variables for your subscription ID, resource group, and Fleet resource, and set the default Azure subscription to use using the [`az account set`][az-account-set] command.
+
+    ```azurecli-interactive
+    export SUBSCRIPTION_ID=<subscription-id>
+    az account set --subscription ${SUBSCRIPTION_ID}
+
+    export GROUP=<resource-group-name>
+    export FLEET=<fleet-name>
+    ```
+
+2. Get the kubeconfig file of the hub cluster Fleet resource using the [`az fleet get-credentials`][az-fleet-get-credentials] command.
+
+    ```azurecli-interactive
+    az fleet get-credentials --resource-group ${GROUP} --name ${FLEET}
+    ```
+
+    Your output should look similar to the following example output:
+
+    ```output
+    Merged "hub" as current context in /home/fleet/.kube/config
+    ```
+
+3. Set the following environment variable for the `id` of the hub cluster Fleet resource:
+
+    ```azurecli-interactive
+    export FLEET_ID=/subscriptions/${SUBSCRIPTION_ID}/resourceGroups/${GROUP}/providers/Microsoft.ContainerService/fleets/${FLEET}
+    ```
+
+4. Authorize your identity to the hub cluster Fleet resource's Kubernetes API server using the following commands:
+
+    For the `ROLE` environment variable, you can use one of the following four built-in role definitions as the value:
+
+    * Azure Kubernetes Fleet Manager RBAC Reader
+    * Azure Kubernetes Fleet Manager RBAC Writer
+    * Azure Kubernetes Fleet Manager RBAC Admin
+    * Azure Kubernetes Fleet Manager RBAC Cluster Admin
+
+    ```azurecli-interactive
+    export IDENTITY=$(az ad signed-in-user show --query "id" --output tsv)
+    export ROLE="Azure Kubernetes Fleet Manager RBAC Cluster Admin"
+    az role assignment create --role "${ROLE}" --assignee ${IDENTITY} --scope ${FLEET_ID}
+    ```
+
+    Your output should be similar to the following example output:
+
+    ```output
+    {
+      "canDelegate": null,
+      "condition": null,
+      "conditionVersion": null,
+      "description": null,
+      "id": "/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<GROUP>/providers/Microsoft.ContainerService/fleets/<FLEET>/providers/Microsoft.Authorization/roleAssignments/<assignment>",
+      "name": "<name>",
+      "principalId": "<id>",
+      "principalType": "User",
+      "resourceGroup": "<GROUP>",
+      "roleDefinitionId": "/subscriptions/<SUBSCRIPTION_ID>/providers/Microsoft.Authorization/roleDefinitions/18ab4d3d-a1bf-4477-8ad9-8359bc988f69",
+      "scope": "/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<GROUP>/providers/Microsoft.ContainerService/fleets/<FLEET>",
+      "type": "Microsoft.Authorization/roleAssignments"
+    }
+    ```
+
+5. Verify you can access the API server using the `kubectl get memberclusters` command.
+
+    ```bash
+    kubectl get memberclusters
+    ```
+
+    If successful, your output should look similar to the following example output:
+
+    ```output
+    NAME           JOINED   AGE
+    aks-member-1   True     2m
+    aks-member-2   True     2m
+    aks-member-3   True     2m
+    ```
+
+## Next steps
+
+* Review the [API specifications][fleet-apispec] for all Fleet custom resources.
+* Review our [troubleshooting guide][troubleshooting-guide] to help resolve common issues related to the Fleet APIs.
+
+<!-- LINKS --->
+[fleet-apispec]: https://github.com/Azure/fleet/blob/main/docs/api-references.md
+[troubleshooting-guide]: https://github.com/Azure/fleet/blob/main/docs/troubleshooting/README.md
+[az-fleet-get-credentials]: /cli/azure/fleet#az-fleet-get-credentials
+[az-account-set]: /cli/azure/account#az-account-set

articles/kubernetes-fleet/index.yml

@@ -37,6 +37,8 @@ landingContent:
             url: /cli/azure/fleet
           - text: REST
             url: /rest/api/fleet
+          - text: Terraform
+            url: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_fleet_manager
           - text: PowerShell
             url: /powershell/module/az.fleet
           - text: .NET

articles/kubernetes-fleet/l4-load-balancing.md

@@ -2,13 +2,12 @@
 title: "How to set up multi-cluster Layer 4 load balancing across Azure Kubernetes Fleet Manager member clusters (preview)"
 description: Learn how to use Azure Kubernetes Fleet Manager to set up multi-cluster Layer 4 load balancing across workloads deployed on multiple member clusters.
 ms.topic: how-to
-ms.date: 09/09/2022
+ms.date: 03/20/2024
 author: shashankbarsin
 ms.author: shasb
 ms.service: kubernetes-fleet
 ms.custom:
   - devx-track-azurecli
-  - ignite-2023
 ---
 
 # Set up multi-cluster layer 4 load balancing across Azure Kubernetes Fleet Manager member clusters (preview)
@@ -25,13 +24,14 @@ You can follow this document to set up layer 4 load balancing for such multi-clu
 
 * Read the [conceptual overview of this feature](./concepts-l4-load-balancing.md), which provides an explanation of `ServiceExport` and `MultiClusterService` objects referenced in this document.
 
-* You must have a fleet resource with member clusters with deployed workload. If you don't have this resource, follow [Quickstart: Create a Fleet resource and join member clusters](quickstart-create-fleet-and-members.md) and [Propagate Kubernetes configurations from a Fleet resource to member clusters](resource-propagation.md).
-
-* These target clusters should be using [Azure CNI (Container Networking Interface) networking](../aks/configure-azure-cni.md).
+* You must have a Fleet resource with a hub cluster and member clusters. If you don't have this resource, follow [Quickstart: Create a Fleet resource and join member clusters](quickstart-create-fleet-and-members.md).
 
 * The target Azure Kubernetes Service (AKS) clusters on which the workloads are deployed need to be present on either the same [virtual network](../virtual-network/virtual-networks-overview.md) or on [peered virtual networks](../virtual-network/virtual-network-peering-overview.md).
 
-* These target clusters have to be [added as member clusters to the Fleet resource](./quickstart-create-fleet-and-members.md#join-member-clusters).
+  * These target clusters have to be [added as member clusters to the Fleet resource](./quickstart-create-fleet-and-members.md#join-member-clusters).
+  * These target clusters should be using [Azure CNI (Container Networking Interface) networking](../aks/configure-azure-cni.md).
+
+* You must gain access to the Kubernetes API of the hub cluster by following the steps in [Access the Kubernetes API of the Fleet resource](./access-fleet-kubernetes-api.md).
 
 * Set the following environment variables and obtain the kubeconfigs for the fleet and all member clusters:
 
@@ -47,7 +47,7 @@ You can follow this document to set up layer 4 load balancing for such multi-clu
 
 [!INCLUDE [preview features note](~/articles/reusable-content/azure-cli/azure-cli-prepare-your-environment-no-header.md)]
 
-## Deploy a sample workload to demo clusters
+## Deploy a workload across member clusters of the Fleet resource
 
 > [!NOTE]
 >

articles/kubernetes-fleet/media/quickstart-create-fleet-and-members-portal-basics.png

@@ -0,0 +1,65 @@
+---
+title: "Quickstart: Create an Azure Kubernetes Fleet Manager resource and join member clusters using Azure portal"
+description: In this quickstart, you learn how to create an Azure Kubernetes Fleet Manager resource and join member clusters using Azure portal.
+ms.date: 03/20/2024
+author: shashankbarsin
+ms.author: shasb
+ms.service: kubernetes-fleet
+ms.custom: template-quickstart, mode-other
+ms.devlang: azurecli
+ms.topic: quickstart
+---
+
+# Quickstart: Create an Azure Kubernetes Fleet Manager resource and join member clusters using Azure portal
+
+Get started with Azure Kubernetes Fleet Manager (Fleet) by using the Azure portal to create a Fleet resource and later connect Azure Kubernetes Service (AKS) clusters as member clusters.
+
+## Prerequisites
+
+* Read the [conceptual overview of this feature](./concepts-fleet.md), which provides an explanation of fleets and member clusters referenced in this document.
+* An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
+* An identity (user or service principal) with the following permissions on the Fleet and AKS resource types for completing the steps listed in this quickstart:
+
+  * Microsoft.ContainerService/fleets/read
+  * Microsoft.ContainerService/fleets/write
+  * Microsoft.ContainerService/fleets/members/read
+  * Microsoft.ContainerService/fleets/members/write
+  * Microsoft.ContainerService/fleetMemberships/read
+  * Microsoft.ContainerService/fleetMemberships/write
+  * Microsoft.ContainerService/managedClusters/read
+  * Microsoft.ContainerService/managedClusters/write
+  * Microsoft.ContainerService/managedClusters/listClusterUserCredential/action
+
+* The AKS clusters that you want to join as member clusters to the Fleet resource need to be within the supported versions of AKS. Learn more about AKS version support policy [here](../aks/supported-kubernetes-versions.md#kubernetes-version-support-policy).
+
+## Create a Fleet resource
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+2. On the Azure portal home page, select **Create a resource**.
+3. In the search box, enter **Kubernetes Fleet Manager** and select **Create > Kubernetes Fleet Manager** from the search results.
+4. On the **Basics** tab, configure the following options:
+
+    * Under **Project details**:
+      * **Subscription**: Select the Azure subscription that you want to use.
+      * **Resource group**: Select an existing resource group or select **Create new** to create a new resource group.
+    * Under **Fleet details**:
+      * **Name**: Enter a unique name for the Fleet resource.
+      * **Region**: Select the region where you want to create the Fleet resource.
+      * **Hub cluster mode**: Select **Without hub cluster** if you want to use Fleet only for update orchestration. Select **With hub cluster (preview)** if you want to use Fleet for Kubernetes object propagation and multi-cluster load balancing in addition to update orchestration.
+
+    ![Create Fleet resource](./media/quickstart-create-fleet-and-members-portal-basics.png)
+
+5. Select **Next: Member clusters**.
+6. On the **Member clusters** tab, select **Add** to add an existing AKS cluster as a member cluster to the Fleet resource. You can add multiple member clusters to the Fleet resource.
+
+    ![Add member clusters](./media/quickstart-create-fleet-and-members-portal-members.png)
+
+7. Select **Review + create** > **Create** to create the Fleet resource.
+
+    It takes a few minutes to create the Fleet resource. When your deployment is complete, you can navigate to your resource by selecting **Go to resource**.
+
+## Next steps
+
+* [Orchestrate updates across multiple member clusters](./update-orchestration.md).
+* [Set up Kubernetes resource propagation from hub cluster to member clusters](./resource-propagation.md).
+* [Set up multi-cluster layer-4 load balancing](./l4-load-balancing.md).