docs: restructure book sections and improve cluster creation tutorial

Signed-off-by: Carlos Salas <[email protected]>

Author: salasberryfin

docs/book/src/SUMMARY.md

@@ -1,18 +1,20 @@
 # Summary
 
 [Introduction](./introduction.md)
-- [Getting Started](./getting-started.md)
-- [Topics](./topics/index.md)
-    - [Prerequisites](./topics/prerequisites.md)
+- [Quick Start](./quick-start.md)
+- [Prerequisites](./prerequisites.md)
+- [Self-managed clusters](./self-managed/index.md)
+    - [Provisioning a Cluster](./self-managed/provision.md)
+    - [CNI](./self-managed/cni.md)
+- [Managed clusters - GKE](./managed/index.md)
+    - [Provisioning a Cluster](./managed/provision.md)
+    - [Cluster Upgrades](./managed/upgrades.md)
+    - [Enabling](./managed/enabling.md)
+    - [Disabling](./managed/disabling.md)
+- [General Topics](./topics/index.md)
     - [Conformance](./topics/conformance.md)
-    - [GKE Support](./topics/gke/index.md)
-        - [Creating a Cluster](./topics/gke/creating-a-cluster.md)
-        - [Cluster Upgrades](./topics/gke/cluster-upgrades.md)
-        - [Enabling](./topics/gke/enabling.md)
-        - [Disabling](./topics/gke/disabling.md)
     - [Machine Locations](./topics/machine-locations.md)
     - [Preemptible VMs](./topics/preemptible-vms.md)
-    - [Flannel](./topics/flannel.md)
 - [Developer Guide](./developers/index.md)
     - [Development](./developers/development.md)
     - [Try unreleased changes with Nightly Builds](./developers/nightlies.md)

docs/book/src/getting-started.md

@@ -3,6 +3,14 @@
 - **Feature status:** Experimental
 - **Feature gate (required):** GKE=true
 
+<aside class="note warning">
+
+<h1>Warning</h1>
+
+Provisioning managed clusters (GKE) is an experimental feature and, as such, it may behave unreliably until promoted to the main repository.
+
+</aside>
+
 ## Overview
 
 The GCP provider supports creating GKE based cluster. Currently the following features are supported:
@@ -24,4 +32,4 @@ And a new template is available in the templates folder for creating a managed w
 * [Enabling GKE Support](enabling.md)
 * [Disabling GKE Support](disabling.md)
 * [Creating a cluster](creating-a-cluster.md)
-* [Cluster Upgrades](cluster-upgrades.md)
+* [Cluster Upgrades](cluster-upgrades.md)

docs/book/src/topics/gke/disabling.md renamed to docs/book/src/managed/disabling.md

@@ -0,0 +1,64 @@
+# Provisioning a GKE cluster
+
+<aside class="note warning">
+
+<h1>Warning</h1>
+
+We recommend you take a look at the [Prerequisites](./../prerequisites.md) section before provisioning a workload cluster. 
+
+</aside>
+
+**This guide uses an example from the `./templates` folder of the CAPG repository. You can inspect the yaml file [here](https://raw.githubusercontent.com/kubernetes-sigs/cluster-api-provider-gcp/refs/heads/main/templates/cluster-template-gke.yaml).**
+
+## Configure cluster parameters
+
+While inspecting the cluster definition in `./templates/cluster-template-gke.yaml` you probably noticed that it contains a number of parameterized values that must be substituted with the specifics of your use case. This can be done via environment variables and `clusterctl` and effectively makes the template more flexible to adapt to different provisioning scenarios. These are the environment variables that you'll be required to set before deploying a workload cluster:
+
+```sh
+export GCP_PROJECT=cluster-api-gcp-project
+export GCP_REGION=us-east4
+export GCP_NETWORK_NAME=default
+export WORKER_MACHINE_COUNT=1
+```
+
+## Generate cluster definition
+
+The sample cluster templates are already prepared so that you can use them with `clusterctl` to create a GKE cluster with CAPG.
+
+To create a GKE cluster with a managed node group (a.k.a managed machine pool):
+
+```bash
+clusterctl generate cluster capi-gke-quickstart --flavor gke -i gcp > capi-gke-quickstart.yaml
+```
+
+In this example, `capi-gke-quickstart` will be used as cluster name.
+
+## Create cluster
+
+The resulting file represents the workload cluster definition and you simply need to apply it to your cluster to trigger cluster creation:
+
+```
+kubectl apply -f capi-gke-quickstart.yaml
+```
+
+## Kubeconfig
+
+When creating an GKE cluster 2 kubeconfigs are generated and stored as secrets in the management cluster.
+
+### User kubeconfig
+
+This should be used by users that want to connect to the newly created GKE cluster. The name of the secret that contains the kubeconfig will be `[cluster-name]-user-kubeconfig` where you need to replace **[cluster-name]** with the name of your cluster. The **-user-kubeconfig** in the name indicates that the kubeconfig is for the user use.
+
+To get the user kubeconfig for a cluster named `managed-test` you can run a command similar to:
+
+```bash
+kubectl --namespace=default get secret managed-test-user-kubeconfig \
+   -o jsonpath={.data.value} | base64 --decode \
+   > managed-test.kubeconfig
+```
+
+### Cluster API (CAPI) kubeconfig
+
+This kubeconfig is used internally by CAPI and shouldn't be used outside of the management server. It is used by CAPI to perform operations, such as draining a node. The name of the secret that contains the kubeconfig will be `[cluster-name]-kubeconfig` where you need to replace **[cluster-name]** with the name of your cluster. Note that there is NO `-user` in the name.
+
+The kubeconfig is regenerated every `sync-period` as the token that is embedded in the kubeconfig is only valid for a short period of time.

docs/book/src/topics/gke/enabling.md renamed to docs/book/src/managed/enabling.md

@@ -1,14 +1,8 @@
 # Prerequisites
 
-## Requirements
+Before provisioning clusters via CAPG, there are a few extra tasks you need to take care of, including **configuring the GCP network** and **building images for GCP virtual machines**.
 
-- Linux or MacOS (Windows isn't supported at the moment).
-- A [Google Cloud](https://console.cloud.google.com) account.
-- [Packer](https://www.packer.io/intro/getting-started/install.html) and [Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) to build images
-- Make to use `Makefile` targets
-- Install `coreutils` (for timeout) on *OSX*
-
-### Setup environment variables
+### Set environment variables
 
 ```bash
 export GCP_REGION="<GCP_REGION>"
@@ -21,7 +15,7 @@ export GCP_NETWORK_NAME=<GCP_NETWORK_NAME or default>
 export CLUSTER_NAME="<CLUSTER_NAME>"
 ```
 
-### Setup a Network and Cloud NAT
+### Configure Network and Cloud NAT
 
 Google Cloud accounts come with a `default` network which can be found under
 [VPC Networks](https://console.cloud.google.com/networking/networks).
@@ -55,16 +49,6 @@ gcloud compute routers nats create "${CLUSTER_NAME}-mynat" --project="${GCP_PROJ
 --nat-all-subnet-ip-ranges --auto-allocate-nat-external-ips
 ```
 
-### Create a Service Account
-
-To create and manage clusters, this infrastructure provider uses a service account to authenticate with GCP's APIs.
-
-From your cloud console, follow [these instructions](https://cloud.google.com/iam/docs/creating-managing-service-accounts#creating) to create a new service account with `Editor` permissions.
-
-If you plan to use GKE the service account will also need the `iam.serviceAccountTokenCreator` role.
-
-Afterwards, generate a JSON Key and store it somewhere safe.
-
 ### Building images
 
 > NB: The following commands should not be run as `root` user.

docs/book/src/topics/gke/index.md renamed to docs/book/src/managed/index.md

@@ -0,0 +1,91 @@
+# Getting started with CAPG
+
+In this section we'll cover the basics of how to prepare your environment to use Cluster API Provider for GCP.
+
+<aside class="note">
+
+<h1>Tip</h1>
+
+This covers the specifics of CAPG but won't go into detail of core CAPI basics. For more information on how CAPI works and how to interact with different providers, you can refer to [CAPI Quick Start](https://cluster-api.sigs.k8s.io/user/quick-start).
+
+</aside>
+
+Before installing CAPG, your Kubernetes cluster has to be transformed into a CAPI management cluster. If you have already done this, you can jump directly to the next section: [Installing CAPG](#installing-capg). If, on the other hand, you have an existing Kubernetes cluster that is not yet configured as a CAPI management cluster, you can follow the guide from the [CAPI book](https://cluster-api.sigs.k8s.io/user/quick-start#initialize-the-management-cluster).
+
+## Requirements
+
+- Linux or MacOS (Windows isn't supported at the moment).
+- A [Google Cloud](https://console.cloud.google.com) account.
+- [Packer](https://www.packer.io/intro/getting-started/install.html) and [Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) to build images
+- `make` to use `Makefile` targets
+- Install `coreutils` (for timeout) on *OSX*
+
+### Create a Service Account
+
+To create and manage clusters, this infrastructure provider uses a service account to authenticate with GCP's APIs.
+
+From your cloud console, follow [these instructions](https://cloud.google.com/iam/docs/creating-managing-service-accounts#creating) to create a new service account with `Editor` permissions.
+
+If you plan to use GKE the service account will also need the `iam.serviceAccountTokenCreator` role.
+
+Afterwards, generate a JSON Key and store it somewhere safe.
+
+
+### Installing CAPG
+
+There are two major provider installation paths: using `clusterctl` or the `Cluster API Operator`.
+
+`clusterctl` is a command line tool that provides a simple way of interacting with CAPI and is usually the preferred alternative for those who are getting started. It automates fetching the YAML files defining provider components and installing them.
+
+The `Cluster API Operator` is a Kubernetes Operator built on top of `clusterctl` and designed to empower cluster administrators to handle the lifecycle of Cluster API providers within a management cluster using a declarative approach. It aims to improve user experience in deploying and managing Cluster API, making it easier to handle day-to-day tasks and automate workflows with GitOps. Visit the CAPI Operator quickstart if you want to experiment with this tool.
+
+You can opt for the tool that works best for you or explore both and decide which is best suited for your use case.
+
+#### clusterctl
+
+The Service Account you created will be used to interact with GCP and it must be base64 encoded and stored in a environment variable before installing the provider via `clusterctl`.
+
+```
+export GCP_B64ENCODED_CREDENTIALS=$( cat /path/to/gcp-credentials.json | base64 | tr -d '\n' )
+```
+Finally, let's initialize the provider.
+```
+clusterctl init --infrastructure gcp
+```
+This process may take some time and, once the provider is running, you'll be able to see the `capg-controller-manager` pod in your CAPI management cluster.
+
+#### Cluster API Operator
+
+You can refer to the Cluster API Operator book [here](https://cluster-api-operator.sigs.k8s.io/01_user/02_quick-start) to learn about the basics of the project and how to install the operator.
+
+When using Cluster API Operator, secrets are used to store credentials for cloud providers and not environment variables, which means you'll have to create a new secret containing the base64 encoded version of your GCP credentials and it will be referenced in the yaml file used to initialize the provider. As you can see, by using Cluster API Operator, we're able to manage provider installation declaratively.
+
+Create GCP credentials secret.
+```
+export CREDENTIALS_SECRET_NAME="gcp-credentials"
+export CREDENTIALS_SECRET_NAMESPACE="default"
+export GCP_B64ENCODED_CREDENTIALS=$( cat /path/to/gcp-credentials.json | base64 | tr -d '\n' )
+
+kubectl create secret generic "${CREDENTIALS_SECRET_NAME}" --from-literal=GCP_B64ENCODED_CREDENTIALS="${GCP_B64ENCODED_CREDENTIALS}" --namespace "${CREDENTIALS_SECRET_NAMESPACE}"
+```
+Define CAPG provider declaratively in a file `capg.yaml`.
+```
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: capg-system
+---
+apiVersion: operator.cluster.x-k8s.io/v1alpha2
+kind: InfrastructureProvider
+metadata:
+ name: gcp
+ namespace: capg-system
+spec:
+ version: v1.8.0
+ configSecret:
+   name: gcp-credentials
+```
+After applying this file, Cluster API Operator will take care of installing CAPG using the set of credentials stored in the specified secret.
+```
+kubectl apply -f capg.yaml
+```

docs/book/src/managed/provision.md

@@ -1,6 +1,8 @@
-# Flannel
+# CNI
 
-This document describes how to use [Flannel](https://github.com/flannel-io/flannel) as your CNI solution. By default, the CNI plugin is not installed for self-managed clusters, so you have to [install your own](https://cluster-api.sigs.k8s.io/user/quick-start.html#deploy-a-cni-solution) (e.g. Calico with VXLAN)
+By default, no CNI plugin is installed when a self-managed cluster is provisioned. As a user, you need to [install your own](https://cluster-api.sigs.k8s.io/user/quick-start.html#deploy-a-cni-solution) CNI (e.g. Calico with VXLAN) for the control plane of the cluster to become ready.
+
+This document describes how to use [Flannel](https://github.com/flannel-io/flannel) as your CNI solution.
 
 ## Modify the Cluster resources