Add yaml examples for AWS Resource Access Manager sharing ServiceNetwork (gateway) between accounts (#208)

* Add yaml examples for AWS Resource Access Manager sharing ServiceNetwork (gateway) between accounts

* Add ram-sharing.md

---------

Co-authored-by: Zijun Wang <zijunw@amazon.com>

Author: zijun726911

docs/ram-sharing.md

@@ -0,0 +1,32 @@
+# Share Kubernetes Gateway (VPC lattice service network) between different AWS accounts
+
+AWS Resource Access Manager(RAM) helps you share your resources across AWS accounts, within your organization or
+organizational units (OUs). Now VPC lattice support 2 types of resource sharing: share VPC lattice service or sharing
+VPC lattice services, in the AWS Gateway API Controller now it only support sharing VPC lattice service network.
+
+Here in a example that account B (sharer account) could share it's service network with account A (sharee account), and
+account A could access all k8s services (vpc lattice target groups) and k8s httproutes(vpc lattice services) within this
+sharer account's service network.
+
+**Steps**
+
+1. Create a full connectivity setup example (include a gateway, a service and a httproute ) in the account B (sharer
+   account): `kubectl apply -f examples/second-account-gw1-full-setup.yaml`
+
+
+2. Go to accountB's aws "Resource Access Manager" console, create a `VPC Lattice Service Networks` type resource
+   sharing, share the service network that created from previous step's gateway(second-account-gw1)  (You could check
+   the VPC Lattice console to get the resource arn, service network name should also be second-account-gw1)
+
+3. Open the account A (sharee account)'s "aws Resource Access Manager" console, in the "Shared with me" section accept
+   the accountB's Service Network sharing invitation.
+
+4. Load the account A's aws credential in you command line, do `kubectl config use-context <accountA cluster>` to switch
+   to accountA's context
+
+5. Apply the same "second-account-gw1" account A (sharee account)'s cluster
+   by `kubectl apply -f examples/second-account-gw1-in-primary-account.yaml`
+
+6. All done, you could verify service network(gateway) sharing by: Attach to any pod in account A's cluster,
+   do `curl <vpc lattice service dns for 'second-account-gw1-httproute'>`, it should be able to get correct response "
+   second-account-gw1-svc handler pod" 

examples/second-account-gw1-full-setup.yaml

@@ -0,0 +1,72 @@
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: Gateway
+metadata:
+  name: second-account-gw1
+  annotations:
+    application-networking.k8s.aws/lattice-vpc-association: "true"
+spec:
+  gatewayClassName: amazon-vpc-lattice
+  listeners:
+  - name: http
+    protocol: HTTP
+    port: 80
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: second-account-gw1-svc
+  labels:
+    app: second-account-gw1-svc
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: second-account-gw1-svc
+  template:
+    metadata:
+      labels:
+        app: second-account-gw1-svc
+    spec:
+      containers:
+        - name: second-account-gw1-svc-app
+          image: public.ecr.aws/x2j8p8w7/http-server:latest
+          env:
+            - name: PodName
+              value: "second-account-gw1-svc handler pod"
+
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: second-account-gw1-svc
+spec:
+  selector:
+    app: second-account-gw1-svc
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8090
+
+---
+
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: HTTPRoute
+metadata:
+  name: second-account-gw1-httproute
+spec:
+  parentRefs:
+    - name:  second-account-gw1
+      sectionName: http
+  rules:
+    - backendRefs:
+        - name: second-account-gw1-svc
+          kind: Service
+      matches:
+        - path:
+            type: PathPrefix
+            value: /
+

examples/second-account-gw1-in-primary-account.yaml

@@ -0,0 +1,12 @@
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: Gateway
+metadata:
+  name: second-account-gw1
+  annotations:
+    application-networking.k8s.aws/lattice-vpc-association: "true"
+spec:
+  gatewayClassName: amazon-vpc-lattice
+  listeners:
+  - name: http
+    protocol: HTTP
+    port: 80