diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a977dec
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,12 @@
+# Ignore Python virtual environment directories
+venv/
+
+# Ignore cloned repositories for specific projects
+multi-cluster-ai-with-kaito/kubefleet/
+multi-cluster-ai-with-kaito/istio/
+multi-cluster-ai-with-kaito/semantic-router/
+
+# Ignore downloaded files for specific projects
+multi-cluster-ai-with-kaito/configure-helm-values.sh
+multi-cluster-ai-with-kaito/gpu-provisioner-values-template.yaml
+multi-cluster-ai-with-kaito/gpu-provisioner-values.yaml
diff --git a/README.md b/README.md
index e1981d7..814e6b3 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,4 @@
 # KubeFleet Cookbook
-Examples and guides on using KubeFleet to manage multicluster scenarios.
+
+A collection of various demos, tutorials, and labs for using the KubeFleet project.
+
diff --git a/multi-cluster-ai-with-kaito/SETUP.md b/multi-cluster-ai-with-kaito/SETUP.md
new file mode 100644
index 0000000..e68bef7
--- /dev/null
+++ b/multi-cluster-ai-with-kaito/SETUP.md
@@ -0,0 +1,127 @@
+# How to run the scripts in this tutorial
+
+The scripts in this tutorial will help you:
+
+* Create a fleet of 3 AKS (Azure Kubernetes Service) clusters for running LLM inference workloads and routing LLM queries.
+* Put the 3 clusters under the management of KubeFleet, a CNCF sandbox project for multi-cluster management, with an
+additional KubeFleet hub cluster (also an AKS cluster) as the management portal.
+* Set up KAITO, a CNCF sandbox project for easy LLM usage, on the clusters for facilitating LLM workloads with ease.
+* Connect the 3 clusters with an Istio service mesh.
+* Use Kubernetes Gateway API with Inference Extension for serving LLM queries.
+
+> Note that even though the scripts use AKS clusters and related Azure resources for simplicity, the tutorial itself is not Azure-specific. It can run on any Kubernetes environment, as long as inter-cluster connectivity can be established.
+
+## Before you begin
+
+* This tutorial assumes that you are familiar with basic Azure/AKS usage and Kubernetes usage.
+* If you don't have an Azure account, [create a free account](https://azure.microsoft.com/pricing/purchase-options/azure-account) before you begin.
+* Make sure that you have the following tools installed in your environment:
+    * The Azure CLI (`az`).
+    * The Kubernetes CLI (`kubectl`).
+    * Helm
+    * Docker
+    * The Istio CLI (`istioctl`)
+    * Go runtime (>=1.24)
+    * `git`
+    * `base64`
+    * `make`
+    * `curl`
+* The setup in the tutorial requires usage of GPU-enabled nodes (with NVIDIA A100 GPUs or similar specs).
+
+## Run the scripts
+
+Switch to the current directory and follow the steps below to run the scripts:
+
+```sh
+chmod +x setup.sh
+./setup.sh
+```
+
+It may take a while for the setup to complete.
+
+The script includes some configurable parameters; in most cases though, you should be able to just use
+the default values. See the list of parameters in the file `setup.sh`, and, if needed, set up
+environment variables accordingly to override the default values.
+
+## Verify the setup
+
+After the setup script completes, follow the steps below to verify the setup:
+
+* Switch to one of the clusters that is running the inference workload:
+
+    ```sh
+    MEMBER_1="${MEMBER_1:-model-serving-cluster-1}"
+    MEMBER_2="${MEMBER_2:-model-serving-cluster-2}"
+    MEMBER_3="${MEMBER_3:-query-routing-cluster}"
+    MEMBER_1_CTX=$MEMBER_1-admin
+    MEMBER_2_CTX=$MEMBER_2-admin
+    MEMBER_3_CTX=$MEMBER_3-admin
+
+    kubectl config use-context $MEMBER_1_CTX
+    kubectl get workspace
+    ```
+
+    You should see that the KAITO workspace with the DeepSeek model is up and running. Note that it may take 
+    a while for a GPU node to get ready and have the model downloaded/set up.
+
+* Similarly, switch to the other cluster that is running the inference workload and make sure that the Phi model
+is up and running:
+
+    ```sh
+    kubectl config use-context $MEMBER_2_CTX
+    kubectl get workspace
+    ```
+
+* Now, switch to the query routing cluster and send some queries to the inference gateway:
+
+    ```sh
+    kubectl config use-context $MEMBER_3_CTX
+
+    # Run the port-forward below in a separate shell window; it keeps running while you send the queries.
+    kubectl port-forward svc/inference-gateway-istio 10000:80
+
+    curl -X POST http://localhost:10000/v1/chat/completions \
+    -H "Content-Type: application/json" \
+    -d '{
+        "model": "auto",
+        "messages": [{"role": "user", "content": "Prove the Pythagorean theorem step by step"}],
+        "max_tokens": 100    
+    }'
+    ```
+
+    You should see from the response that the query is being served by the DeepSeek model.
+
+    ```sh
+    curl -X POST -i localhost:10000/v1/chat/completions \
+    -H "Content-Type: application/json" \
+    -d '{
+        "model": "auto",
+        "messages": [{"role": "user", "content": "What is the color of the sky?"}],
+        "max_tokens": 100
+    }'
+    ```
+
+    You should see from the response that the query is being served by the Phi model.
+
+    > Note: the tutorial features a semantic router that classifies queries based on their categories and sends each query to the LLM that is best equipped to process its category. The process is partly non-deterministic due to the nature of LLMs. If you believe that a query belongs to a specific category but it is not served by the expected LLM, tweak the query text a bit and give it another try.
+
+## Additional steps
+
+You can set up the LiteLLM proxy to interact with the models using a web UI. Follow the steps in the [LiteLLM setup README](./litellm/README.md) to complete the setup.
+
+## Clean things up
+
+To clean things up, delete the Azure resource group that contains all the resources:
+
+```sh
+export RG="${RG:-kubefleet-kaito-demo-2025}"
+az group delete -n $RG
+```
+
+## Questions or comments?
+
+If you have any questions or comments, please use our [Q&A Discussions](https://github.com/kubefleet-dev/kubefleet/discussions/categories/q-a).
+
+If you find a bug or the solution doesn't work, please open an [Issue](https://github.com/kubefleet-dev/kubefleet/issues/new) so we can take a look. We welcome submissions too, so if you find a fix please open a PR!
+
+Also, consider coming to a [Community Meeting](https://bit.ly/kubefleet-cm-meeting) too!
diff --git a/multi-cluster-ai-with-kaito/azresources.sh b/multi-cluster-ai-with-kaito/azresources.sh
new file mode 100644
index 0000000..733a36f
--- /dev/null
+++ b/multi-cluster-ai-with-kaito/azresources.sh
@@ -0,0 +1,93 @@
+# Creates virtual network $VNET (with its first subnet, $SUBNET_1) in resource group $RG.
+# The two address-prefix values stay unquoted: az accepts a space-separated list for both flags.
+function create_azure_vnet() {
+    echo "Creating an Azure virtual network..."
+    az network vnet create \
+        --name "$VNET" -g "$RG" --location "$LOCATION" \
+        --address-prefix $VNET_ADDR_PREFIX \
+        --subnet-name "$SUBNET_1" \
+        --subnet-prefixes $SUBNET_1_ADDR_PREFIX
+}
+
+# Adds a subnet to virtual network $VNET. Arguments: $1 - subnet name; $2 - subnet address prefix (CIDR).
+function create_azure_vnet_subnet() {
+    az network vnet subnet create \
+        -g "$RG" --vnet-name "$VNET" \
+        -n "$1" \
+        --address-prefixes "$2"
+}
+
+function create_azure_vnet_subnets() {  # Adds subnets $SUBNET_2 and $SUBNET_3 to the virtual network.
+    echo "Creating additional subnets in the virtual network..."
+    create_azure_vnet_subnet "$SUBNET_2" "$SUBNET_2_ADDR_PREFIX"
+    create_azure_vnet_subnet "$SUBNET_3" "$SUBNET_3_ADDR_PREFIX"
+}
+
+# Creates a single-node AKS member cluster attached to an existing subnet.
+# Arguments: $1 - cluster name; $2 - subnet resource ID; $3 - service CIDR; $4 - DNS service IP.
+# Globals (read): RG, LOCATION, VM_SIZE.
+function create_aks_cluster() {
+    echo "Creating AKS cluster $1..."
+    az aks create \
+        --name "$1" --resource-group "$RG" \
+        --location "$LOCATION" \
+        --vnet-subnet-id "$2" \
+        --network-plugin azure \
+        --enable-oidc-issuer --enable-workload-identity --enable-managed-identity \
+        --generate-ssh-keys \
+        --node-vm-size "$VM_SIZE" \
+        --node-count 1 \
+        --service-cidr "$3" \
+        --dns-service-ip "$4"
+}
+
+# Creates the single-node AKS cluster $FLEET_HUB that serves as the KubeFleet hub.
+# Unlike create_aks_cluster, no --vnet-subnet-id, service CIDR or DNS service IP is passed.
+# Globals (read): FLEET_HUB, RG, LOCATION, VM_SIZE.
+function create_kubefleet_hub_cluster() {
+    echo "Creating KubeFleet hub cluster $FLEET_HUB..."
+    az aks create \
+        --name "$FLEET_HUB" --resource-group "$RG" \
+        --location "$LOCATION" \
+        --network-plugin azure \
+        --enable-oidc-issuer --enable-workload-identity --enable-managed-identity \
+        --generate-ssh-keys \
+        --node-vm-size "$VM_SIZE" \
+        --node-count 1
+}
+
+# Creates the three member clusters (one per subnet) and the hub cluster, then fetches admin credentials
+# for all four. Sets SUBNET_1_ID, SUBNET_2_ID and SUBNET_3_ID (subnet resource IDs) as globals.
+function create_aks_clusters() {
+    SUBNET_1_ID=$(az network vnet subnet show --resource-group "$RG" --vnet-name "$VNET" --name "$SUBNET_1" --query "id" --output tsv)
+    SUBNET_2_ID=$(az network vnet subnet show --resource-group "$RG" --vnet-name "$VNET" --name "$SUBNET_2" --query "id" --output tsv)
+    SUBNET_3_ID=$(az network vnet subnet show --resource-group "$RG" --vnet-name "$VNET" --name "$SUBNET_3" --query "id" --output tsv)
+    echo "Creating AKS clusters..."
+    create_aks_cluster "$MEMBER_1" "$SUBNET_1_ID" 172.16.0.0/16 172.16.0.10
+    create_aks_cluster "$MEMBER_2" "$SUBNET_2_ID" 172.17.0.0/16 172.17.0.10
+    create_aks_cluster "$MEMBER_3" "$SUBNET_3_ID" 172.18.0.0/16 172.18.0.10
+    create_kubefleet_hub_cluster
+    echo "Retrieving admin credentials for AKS clusters..."
+    az aks get-credentials -n "$MEMBER_1" -g "$RG" --admin
+    az aks get-credentials -n "$MEMBER_2" -g "$RG" --admin
+    az aks get-credentials -n "$MEMBER_3" -g "$RG" --admin
+    az aks get-credentials -n "$FLEET_HUB" -g "$RG" --admin
+}
+
+# Creates container registry $ACR in resource group $RG, attaches it to the three member clusters
+# and the hub cluster, and finally logs into it.
+function create_acr() {
+    echo "Creating Azure Container Registry $ACR..."
+    az acr create --resource-group "$RG" --name "$ACR" \
+        --sku Standard \
+        --admin-enabled true
+
+    echo "Connecting the ACR to the AKS clusters..."
+    az aks update -n "$MEMBER_1" -g "$RG" --attach-acr "$ACR"
+    az aks update -n "$MEMBER_2" -g "$RG" --attach-acr "$ACR"
+    az aks update -n "$MEMBER_3" -g "$RG" --attach-acr "$ACR"
+    az aks update -n "$FLEET_HUB" -g "$RG" --attach-acr "$ACR"
+
+    echo "Logging into the ACR..."
+    az acr login --name "$ACR"
+}
\ No newline at end of file
diff --git a/multi-cluster-ai-with-kaito/charts/semantic-router.tgz b/multi-cluster-ai-with-kaito/charts/semantic-router.tgz
new file mode 100644
index 0000000..90e0a33
Binary files /dev/null and b/multi-cluster-ai-with-kaito/charts/semantic-router.tgz differ
diff --git a/multi-cluster-ai-with-kaito/istio.sh b/multi-cluster-ai-with-kaito/istio.sh
new file mode 100644
index 0000000..e2c0e3f
--- /dev/null
+++ b/multi-cluster-ai-with-kaito/istio.sh
@@ -0,0 +1,40 @@
+# Clones Istio (unless ./istio already exists) and checks out $ISTIO_TAG; on success the shell is left inside ./istio.
+function prep_istio_setup() {
+    echo "Cloning the Istio source code repository..."
+    [[ -d istio/.git ]] || git clone https://github.com/istio/istio.git
+    pushd istio || return 1  # Never run the git commands below in the caller's repository.
+    git fetch --all
+    git checkout "$ISTIO_TAG"
+}
+
+# Installs Istio (run via `go run` from the current directory) on one member cluster and registers the other two as remotes.
+# Arguments: $1/$2 - name/context of this cluster; $3/$4/$5 and $6/$7/$8 - context/name/API server URL of each remote.
+function connect_to_multi_cluster_service_mesh() {
+    echo "Connecting AKS cluster $1 to the multi-cluster Istio service mesh..."
+    kubectl config use-context "$2"
+    go run ./istioctl/cmd/istioctl install --context "$2" \
+        --set tag="$ISTIO_TAG" --set hub=gcr.io/istio-release \
+        --set values.global.meshID=simplemesh \
+        --set values.global.multiCluster.clusterName="$1" \
+        --set values.global.network=simplenet \
+        --set values.pilot.env.ENABLE_GATEWAY_API_INFERENCE_EXTENSION=true
+
+    istioctl create-remote-secret --context="$3" --name="$4" --server "$5" | kubectl apply --context="$2" -f -
+    istioctl create-remote-secret --context="$6" --name="$7" --server "$8" | kubectl apply --context="$2" -f -
+}
+
+# Builds the three-cluster Istio mesh: every member cluster gets Istio plus remote secrets for the other two.
+# Sets MEMBER_1_ADDR, MEMBER_2_ADDR and MEMBER_3_ADDR (https://<fqdn>:443) as globals; ends with a popd.
+function set_up_istio() {
+    echo "Performing some preparatory steps before setting Istio up..."
+    prep_istio_setup
+
+    echo "Setting up the Istio multi-cluster service mesh on the KubeFleet member clusters..."
+    MEMBER_1_ADDR="https://$(az aks show --resource-group "$RG" --name "$MEMBER_1" --query "fqdn" -o tsv):443"
+    MEMBER_2_ADDR="https://$(az aks show --resource-group "$RG" --name "$MEMBER_2" --query "fqdn" -o tsv):443"
+    MEMBER_3_ADDR="https://$(az aks show --resource-group "$RG" --name "$MEMBER_3" --query "fqdn" -o tsv):443"
+    connect_to_multi_cluster_service_mesh "$MEMBER_1" "$MEMBER_1_CTX" "$MEMBER_2_CTX" "$MEMBER_2" "$MEMBER_2_ADDR" "$MEMBER_3_CTX" "$MEMBER_3" "$MEMBER_3_ADDR"
+    connect_to_multi_cluster_service_mesh "$MEMBER_2" "$MEMBER_2_CTX" "$MEMBER_1_CTX" "$MEMBER_1" "$MEMBER_1_ADDR" "$MEMBER_3_CTX" "$MEMBER_3" "$MEMBER_3_ADDR"
+    connect_to_multi_cluster_service_mesh "$MEMBER_3" "$MEMBER_3_CTX" "$MEMBER_1_CTX" "$MEMBER_1" "$MEMBER_1_ADDR" "$MEMBER_2_CTX" "$MEMBER_2" "$MEMBER_2_ADDR"
+    popd
+}
\ No newline at end of file
diff --git a/multi-cluster-ai-with-kaito/kaito.sh b/multi-cluster-ai-with-kaito/kaito.sh
new file mode 100644
index 0000000..46326a1
--- /dev/null
+++ b/multi-cluster-ai-with-kaito/kaito.sh
@@ -0,0 +1,69 @@
+# Registers the KAITO Helm repo and downloads configure-helm-values.sh into the current directory.
+function prep_kaito_setup() {
+    echo "Adding the KAITO Helm charts..."
+    helm repo add kaito https://kaito-project.github.io/kaito/charts/kaito
+    helm repo update
+    echo "Retrieving the KAITO GPU Provisioner setup script..."
+    GPU_PROVISIONER_VERSION=0.3.7  # Global; read by install_kaito_gpu_provisioner.
+    curl -fsSLO https://raw.githubusercontent.com/Azure/gpu-provisioner/main/hack/deploy/configure-helm-values.sh  # -f: never save an HTTP error page as the script.
+}
+
+# Installs (or upgrades) the kaito/workspace Helm chart on a member cluster, waiting for the release (--wait).
+# Arguments: $1 - cluster name; $2 - kubeconfig context of that cluster.
+function install_kaito_core() {
+    echo "Installing KAITO core components in member cluster $1..."
+    kubectl config use-context "$2"
+    helm upgrade --install kaito-workspace kaito/workspace \
+        --namespace kaito-workspace --create-namespace \
+        --set clusterName="$1" --set featureGates.gatewayAPIInferenceExtension=true \
+        --wait
+}
+
+# Installs the KAITO GPU provisioner on a member cluster: creates a managed identity with the Contributor
+# role on the cluster, installs the Helm chart, then adds a federated credential for the
+# gpu-provisioner service account. Arguments: $1 - cluster name; $2 - kubeconfig context of that cluster.
+# Globals (read): RG, SUBSCRIPTION, GPU_PROVISIONER_VERSION. Expects ./configure-helm-values.sh to exist.
+function install_kaito_gpu_provisioner() {
+    echo "Installing KAITO GPU provisioner in member cluster $1..."
+    kubectl config use-context "$2"
+
+    echo "Creating managed identity..."
+    local IDENTITY_NAME="kaitogpuprovisioner-$1"
+    az identity create --name "$IDENTITY_NAME" -g "$RG"
+    # Declared separately from the assignments so that a failing `az` call is not masked by `local`.
+    local IDENTITY_PRINCIPAL_ID AKS_OIDC_ISSUER
+    IDENTITY_PRINCIPAL_ID=$(az identity show --name "$IDENTITY_NAME" -g "$RG" --query 'principalId' -o tsv) || return 1
+    az role assignment create --assignee "$IDENTITY_PRINCIPAL_ID" --role "Contributor" \
+        --scope "/subscriptions/$SUBSCRIPTION/resourceGroups/$RG/providers/Microsoft.ContainerService/managedClusters/$1"
+
+    echo "Configuring Helm values..."
+    chmod +x ./configure-helm-values.sh && ./configure-helm-values.sh "$1" "$RG" "$IDENTITY_NAME"
+
+    echo "Installing Helm chart..."
+    helm upgrade --install gpu-provisioner \
+        --values gpu-provisioner-values.yaml \
+        --set settings.azure.clusterName="$1" --wait \
+        "https://github.com/Azure/gpu-provisioner/raw/gh-pages/charts/gpu-provisioner-$GPU_PROVISIONER_VERSION.tgz" \
+        --namespace gpu-provisioner --create-namespace
+
+    echo "Enabling federated authentication..."
+    AKS_OIDC_ISSUER=$(az aks show -n "$1" -g "$RG" --query "oidcIssuerProfile.issuerUrl" -o tsv) || return 1
+    az identity federated-credential create --name "kaito-federated-credential-$1" \
+        --identity-name "$IDENTITY_NAME" -g "$RG" \
+        --issuer "$AKS_OIDC_ISSUER" \
+        --subject system:serviceaccount:"gpu-provisioner:gpu-provisioner" \
+        --audience api://AzureADTokenExchange
+}
+
+# Installs KAITO (core components plus GPU provisioner) on $MEMBER_1 and $MEMBER_2; $MEMBER_3 is not touched here.
+function set_up_kaito() {
+    echo "Performing some preparatory steps before setting KAITO up..."
+    prep_kaito_setup
+
+    echo "Installing KAITO in member cluster $MEMBER_1..."
+    install_kaito_core "$MEMBER_1" "$MEMBER_1_CTX"
+    install_kaito_gpu_provisioner "$MEMBER_1" "$MEMBER_1_CTX"
+    echo "Installing KAITO in member cluster $MEMBER_2..."
+    install_kaito_core "$MEMBER_2" "$MEMBER_2_CTX"
+    install_kaito_gpu_provisioner "$MEMBER_2" "$MEMBER_2_CTX"
+}
\ No newline at end of file
diff --git a/multi-cluster-ai-with-kaito/kubefleet_placement.sh b/multi-cluster-ai-with-kaito/kubefleet_placement.sh
new file mode 100644
index 0000000..4d8c6e8
--- /dev/null
+++ b/multi-cluster-ai-with-kaito/kubefleet_placement.sh
@@ -0,0 +1,451 @@
+# Installs on the hub cluster the CRDs for the resource kinds that are created there for placement onto members.
+function install_crds_on_hub_cluster() {
+    echo "Installing required CRDs for resource placement..."
+    kubectl config use-context "$FLEET_HUB_CTX"
+
+    echo "Adding the KAITO workspace CRD..."
+    kubectl apply -f https://raw.githubusercontent.com/kaito-project/kaito/refs/tags/v0.7.1/charts/kaito/workspace/crds/kaito.sh_workspaces.yaml
+    echo "Adding Kubernetes Gateway API CRDs..."
+    kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.3.0/standard-install.yaml
+
+    echo "Adding Kubernetes Gateway API Inference Extension CRDs..."
+    # Pinned to the same release as the inferencepool Helm chart (v1.0.0) rather than to "latest".
+    kubectl apply -f https://github.com/kubernetes-sigs/gateway-api-inference-extension/releases/download/v1.0.0/manifests.yaml
+    # Delete the experimental (x-k8s.io) InferencePool CRD so that only the inference.networking.k8s.io one remains.
+    kubectl delete customresourcedefinition.apiextensions.k8s.io/inferencepools.inference.networking.x-k8s.io --ignore-not-found
+    echo "Adding the Istio DestinationRule CRD..."
+    kubectl apply -f https://gist.githubusercontent.com/michaelawyu/b93fec3b8eadc032a14bd52193080380/raw/9336c4c7bb0c5a73864ace6a73b64bc5ef9b9bff/istio-dr-crd.yaml
+}
+
+# Installs the Gateway API CRDs and the Inference Extension CRDs (pinned to v1.0.0) on member cluster $1 (context $2).
+function install_crds_on_member_cluster() {
+    echo "Installing required CRDs for resource placement on member cluster $1..."
+    kubectl config use-context "$2"
+
+    echo "Adding Kubernetes Gateway API CRDs..."
+    kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.3.0/standard-install.yaml
+    echo "Adding Kubernetes Gateway API Inference Extension CRDs..."
+    kubectl apply -f https://github.com/kubernetes-sigs/gateway-api-inference-extension/releases/download/v1.0.0/manifests.yaml
+    # Delete the experimental (x-k8s.io) InferencePool CRD so that only the inference.networking.k8s.io one remains.
+    kubectl delete customresourcedefinition.apiextensions.k8s.io/inferencepools.inference.networking.x-k8s.io --ignore-not-found
+}
+
+function label_member_clusters() {  # On the hub: labels $MEMBER_1 env=prod and $MEMBER_2 env=staging.
+    echo "Labeling member clusters for resource placement..."
+    kubectl config use-context "$FLEET_HUB_CTX"
+    kubectl label membercluster "$MEMBER_1" env=prod
+    kubectl label membercluster "$MEMBER_2" env=staging
+}
+
+# Creates KAITO Workspace $2 (model preset $3) on the hub plus ResourcePlacement kaito-workspace-$4, which selects
+# that workspace and picks one member cluster labeled env=$5. $1 (a cluster name) is only used in the log message.
+function place_kaito_workspaces() {
+    echo "Placing Kaito workspaces on member cluster $1..."
+    kubectl config use-context "$FLEET_HUB_CTX"
+    echo "Adding the workspace to the KubeFleet hub cluster..."
+    cat <<EOF | kubectl apply -f -
+apiVersion: kaito.sh/v1beta1
+kind: Workspace
+metadata:
+  name: $2
+  namespace: default
+inference:
+  preset:
+    accessMode: public
+    name: $3
+    presetOptions: {}
+resource:
+  count: 1
+  instanceType: $GPU_VM_SIZE
+  labelSelector:
+    matchLabels:
+      apps: $2
+EOF
+    echo "Adding the ResourcePlacement API object to the KubeFleet hub cluster..."
+    cat <<EOF | kubectl apply -f -
+apiVersion: placement.kubernetes-fleet.io/v1beta1
+kind: ResourcePlacement
+metadata:
+  name: kaito-workspace-$4
+  namespace: default
+spec:
+  resourceSelectors:
+    - group: kaito.sh
+      kind: Workspace
+      name: $2
+      version: v1beta1
+  policy:
+    placementType: PickN
+    numberOfClusters: 1
+    affinity:
+      clusterAffinity:
+        requiredDuringSchedulingIgnoredDuringExecution:
+          clusterSelectorTerms:
+            - labelSelector:
+                matchLabels:
+                  env: $5
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 100%
+      unavailablePeriodSeconds: 1
+    applyStrategy:
+      whenToTakeOver: IfNoDiff
+      whenToApply: IfNotDrifted
+      allowCoOwnership: true
+    reportBackStrategy:
+      type: Mirror
+      destination: OriginalResource
+EOF
+}
+
+# Installs inference pool $1 and its endpoint picker (EPP) on the hub via the inferencepool Helm chart, adds a
+# DestinationRule for $1-epp, and places it all on member cluster $3. $2 - KAITO workspace matched by the pool.
+function place_inf_pool_epp_via_kubefleet() {
+    echo "Placing inference pools + EPPs on member cluster $3..."
+    kubectl config use-context "$FLEET_HUB_CTX"
+
+    echo "Installing related resources on the KubeFleet hub cluster..."
+    helm upgrade --install "$1" \
+        --set inferencePool.modelServers.matchLabels."kaito\.sh\/workspace"="$2" \
+        --set inferencePool.targetPortNumber=5000 \
+        --set provider.name=istio \
+        --version v1.0.0 \
+        oci://registry.k8s.io/gateway-api-inference-extension/charts/inferencepool
+    # NOTE(review): repeats port 5000 on spec.targetPorts; presumably the chart value above does not set it - confirm.
+    kubectl patch infpool "$1" --type='json' -p='[{"op": "replace", "path": "/spec/targetPorts/0/number", "value":5000}]'
+    cat <<EOF | kubectl apply -f -
+apiVersion: networking.istio.io/v1
+kind: DestinationRule
+metadata:
+  name: $1-epp
+  namespace: default
+spec:
+  host: $1-epp
+  trafficPolicy:
+    tls:
+      insecureSkipVerify: true
+      mode: SIMPLE
+EOF
+    echo "Adding the ClusterResourcePlacement API object to the KubeFleet hub cluster..."
+    cat <<EOF | kubectl apply -f -
+apiVersion: placement.kubernetes-fleet.io/v1beta1
+kind: ClusterResourcePlacement
+metadata:
+  name: infpool-epp-$1
+spec:
+  resourceSelectors:
+    - group: rbac.authorization.k8s.io
+      kind: ClusterRole
+      name: $1-epp
+      version: v1
+    - group: rbac.authorization.k8s.io
+      kind: ClusterRoleBinding
+      name: $1-epp
+      version: v1
+  policy:
+    placementType: PickFixed
+    clusterNames:
+    - $3
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 100%
+      unavailablePeriodSeconds: 1
+    applyStrategy:
+      whenToTakeOver: IfNoDiff
+      whenToApply: IfNotDrifted
+EOF
+    echo "Adding the ResourcePlacement API object to the KubeFleet hub cluster..."
+    cat <<EOF | kubectl apply -f -
+apiVersion: placement.kubernetes-fleet.io/v1beta1
+kind: ResourcePlacement
+metadata:
+  name: infpool-epp-$1
+  namespace: default
+spec:
+  resourceSelectors:
+    - group: ""
+      kind: ConfigMap
+      name: $1-epp
+      version: v1
+    - group: apps
+      kind: Deployment
+      name: $1-epp
+      version: v1
+    - group: ""
+      kind: Service
+      name: $1-epp
+      version: v1
+    - group: inference.networking.k8s.io
+      kind: InferencePool
+      name: $1
+      version: v1
+    - group: rbac.authorization.k8s.io
+      kind: Role
+      name: $1-epp
+      version: v1
+    - group: rbac.authorization.k8s.io
+      kind: RoleBinding
+      name: $1-epp
+      version: v1
+    - group: ""
+      kind: ServiceAccount
+      name: $1-epp
+      version: v1
+    - group: networking.istio.io
+      kind: DestinationRule
+      name: $1-epp
+      version: v1
+  policy:
+    placementType: PickFixed
+    clusterNames:
+    - $3
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 100%
+      unavailablePeriodSeconds: 1
+    applyStrategy:
+      whenToTakeOver: IfNoDiff
+      whenToApply: IfNotDrifted
+EOF
+}
+
+# Places the Service, InferencePool and DestinationRule of both inference pools (DeepSeek and Phi-4) on $MEMBER_3.
+function place_inf_pool_epp_for_routing_via_kubefleet() {
+    echo "Placing inference pools + EPPs on member cluster $MEMBER_3..."
+    kubectl config use-context "$FLEET_HUB_CTX"
+    echo "Adding the ResourcePlacement API object to the KubeFleet hub cluster..."
+    cat <<EOF | kubectl apply -f -
+apiVersion: placement.kubernetes-fleet.io/v1beta1
+kind: ResourcePlacement
+metadata:
+  name: infpool-epp-routing
+  namespace: default
+spec:
+  resourceSelectors:
+    - group: ""
+      kind: Service
+      name: $DEEPSEEK_INF_POOL_INSTALLATION-epp
+      version: v1
+    - group: inference.networking.k8s.io
+      kind: InferencePool
+      name: $DEEPSEEK_INF_POOL_INSTALLATION
+      version: v1
+    - group: networking.istio.io
+      kind: DestinationRule
+      name: $DEEPSEEK_INF_POOL_INSTALLATION-epp
+      version: v1
+    - group: ""
+      kind: Service
+      name: $PHI4_INF_POOL_INSTALLATION-epp
+      version: v1
+    - group: inference.networking.k8s.io
+      kind: InferencePool
+      name: $PHI4_INF_POOL_INSTALLATION
+      version: v1
+    - group: networking.istio.io
+      kind: DestinationRule
+      name: $PHI4_INF_POOL_INSTALLATION-epp
+      version: v1
+  policy:
+    placementType: PickFixed
+    clusterNames:
+    - $MEMBER_3
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 100%
+      unavailablePeriodSeconds: 1
+    applyStrategy:
+      whenToTakeOver: IfNoDiff
+      whenToApply: IfNotDrifted
+EOF
+}
+
+# Creates Gateway $INFERENCE_GATEWAY-$2 and an HTTPRoute that sends every path to inference pool $2, then places
+# both on one member cluster. Arguments: $1 - target member cluster name; $2 - inference pool name.
+function place_single_cluster_gateway_via_kubefleet() {
+    echo "Placing gateways on member cluster $1..."
+    kubectl config use-context "$FLEET_HUB_CTX"
+
+    echo "Adding the Gateway API object to the KubeFleet hub cluster..."
+    cat <<EOF | kubectl apply -f -
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: $INFERENCE_GATEWAY-$2
+spec:
+  gatewayClassName: istio
+  listeners:
+  - name: http
+    port: 80
+    protocol: HTTP
+EOF
+    echo "Adding the HTTPRoute API object to the KubeFleet hub cluster..."
+    cat <<EOF | kubectl apply -f -
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: single-model-routes-$2
+spec:
+  parentRefs:
+  - name: $INFERENCE_GATEWAY-$2
+  rules:
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /
+    backendRefs:
+    - name: $2
+      group: inference.networking.k8s.io
+      kind: InferencePool
+EOF
+    echo "Adding the ResourcePlacement API object to the KubeFleet hub cluster..."
+    cat <<EOF | kubectl apply -f -
+apiVersion: placement.kubernetes-fleet.io/v1beta1
+kind: ResourcePlacement
+metadata:
+  name: gateway-$2
+  namespace: default
+spec:
+  resourceSelectors:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      name: $INFERENCE_GATEWAY-$2
+      version: v1
+    - group: gateway.networking.k8s.io
+      kind: HTTPRoute
+      name: single-model-routes-$2
+      version: v1
+  policy:
+    placementType: PickFixed
+    clusterNames:
+    - $1
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 100%
+      unavailablePeriodSeconds: 1
+    applyStrategy:
+      whenToTakeOver: IfNoDiff
+      whenToApply: IfNotDrifted
+EOF
+}
+
+# Creates Gateway $INFERENCE_GATEWAY and an HTTPRoute that picks the DeepSeek or Phi-4 inference pool from the
+# x-selected-model request header, then places both (plus the two EPP DestinationRules) on $MEMBER_3.
+# The backendRefs use the *_INF_POOL_INSTALLATION variables so that they always name the InferencePools placed there.
+function place_multi_cluster_gateway_via_kubefleet() {
+    echo "Placing multi-cluster gateways on member cluster $MEMBER_3..."
+    kubectl config use-context "$FLEET_HUB_CTX"
+    echo "Adding the Gateway API object to the KubeFleet hub cluster..."
+    cat <<EOF | kubectl apply -f -
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: $INFERENCE_GATEWAY
+spec:
+  gatewayClassName: istio
+  listeners:
+  - name: http
+    port: 80
+    protocol: HTTP
+EOF
+    echo "Adding the HTTPRoute API object to the KubeFleet hub cluster..."
+    cat <<EOF | kubectl apply -f -
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: multi-model-routes
+spec:
+  parentRefs:
+  - name: $INFERENCE_GATEWAY
+  rules:
+  - matches:
+    - headers:
+      - type: Exact
+        name: x-selected-model
+        value: deepseek-r1-distill-qwen-14b
+      path:
+        type: PathPrefix
+        value: /
+    backendRefs:
+    - name: $DEEPSEEK_INF_POOL_INSTALLATION
+      group: inference.networking.k8s.io
+      kind: InferencePool
+  - matches:
+    - headers:
+      - type: Exact
+        name: x-selected-model
+        value: phi-4
+      path:
+        type: PathPrefix
+        value: /
+    backendRefs:
+    - name: $PHI4_INF_POOL_INSTALLATION
+      group: inference.networking.k8s.io
+      kind: InferencePool
+EOF
+    echo "Adding the ResourcePlacement API object to the KubeFleet hub cluster..."
+    cat <<EOF | kubectl apply -f -
+apiVersion: placement.kubernetes-fleet.io/v1beta1
+kind: ResourcePlacement
+metadata:
+  name: llm-routing-gateway
+  namespace: default
+spec:
+  resourceSelectors:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      name: $INFERENCE_GATEWAY
+      version: v1
+    - group: gateway.networking.k8s.io
+      kind: HTTPRoute
+      name: multi-model-routes
+      version: v1
+    - group: networking.istio.io
+      kind: DestinationRule
+      name: $DEEPSEEK_INF_POOL_INSTALLATION-epp
+      version: v1
+    - group: networking.istio.io
+      kind: DestinationRule
+      name: $PHI4_INF_POOL_INSTALLATION-epp
+      version: v1
+  policy:
+    placementType: PickFixed
+    clusterNames:
+    - $MEMBER_3
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 100%
+      unavailablePeriodSeconds: 1
+    applyStrategy:
+      whenToTakeOver: IfNoDiff
+      whenToApply: IfNotDrifted
+EOF
+}
+
+# Entry point for resource placement: installs CRDs, labels the member clusters, then places the KAITO workspaces,
+# the inference pools/EPPs and the gateways through the KubeFleet hub, in that order.
+function place_resources_via_kubefleet() {
+    echo "Placing resources via KubeFleet..."
+    install_crds_on_hub_cluster
+    install_crds_on_member_cluster "$MEMBER_1" "$MEMBER_1_CTX"
+    install_crds_on_member_cluster "$MEMBER_2" "$MEMBER_2_CTX"
+    install_crds_on_member_cluster "$MEMBER_3" "$MEMBER_3_CTX"
+    label_member_clusters
+
+    place_kaito_workspaces "$MEMBER_1" "$DEEPSEEK_WORKSPACE" "$DEEPSEEK_MODEL" "$DEEPSEEK_INF_POOL_INSTALLATION" "prod"
+    place_kaito_workspaces "$MEMBER_2" "$PHI4_WORKSPACE" "$PHI4_MODEL" "$PHI4_INF_POOL_INSTALLATION" "staging"
+
+    place_inf_pool_epp_via_kubefleet "$DEEPSEEK_INF_POOL_INSTALLATION" "$DEEPSEEK_WORKSPACE" "$MEMBER_1"
+    place_inf_pool_epp_via_kubefleet "$PHI4_INF_POOL_INSTALLATION" "$PHI4_WORKSPACE" "$MEMBER_2"
+
+    place_single_cluster_gateway_via_kubefleet "$MEMBER_1" "$DEEPSEEK_INF_POOL_INSTALLATION"
+    place_single_cluster_gateway_via_kubefleet "$MEMBER_2" "$PHI4_INF_POOL_INSTALLATION"
+    place_inf_pool_epp_for_routing_via_kubefleet
+    place_multi_cluster_gateway_via_kubefleet
+}
\ No newline at end of file
diff --git a/multi-cluster-ai-with-kaito/kubefleet_setup.sh b/multi-cluster-ai-with-kaito/kubefleet_setup.sh
new file mode 100644
index 0000000..ba5cf60
--- /dev/null
+++ b/multi-cluster-ai-with-kaito/kubefleet_setup.sh
@@ -0,0 +1,118 @@
+# Clones KubeFleet, checks out kubefleet-kaito-demo-2025, then builds the hub-agent, member-agent and refresh-token
+# images for $ACR.azurecr.io. Leaves the shell inside ./kubefleet; the exported variables (REGISTRY, TAG, ...) persist.
+function build_kubefleet_images() {
+    export OUTPUT_TYPE="type=registry"
+    export REGISTRY="$ACR.azurecr.io"
+    export TAG="demo"
+    export TARGET_ARCH="amd64"
+    export AUTO_DETECT_ARCH="FALSE"
+    echo "Cloning the KubeFleet source code repository..."
+    git clone https://github.com/kubefleet-dev/kubefleet.git
+    pushd kubefleet || return 1  # Never run checkout/make in the caller's repository.
+    git checkout kubefleet-kaito-demo-2025
+    echo "Building the KubeFleet images and pushing them to ACR..."
+    make docker-build-hub-agent
+    make docker-build-member-agent
+    make docker-build-refresh-token
+}
+
+# Installs (or upgrades) the hub-agent chart on the hub cluster. The chart path is relative, so this must run
+# from the KubeFleet checkout; REGISTRY and TAG are the values exported by build_kubefleet_images.
+function install_kubefleet_hub_agent() {
+    echo "Installing KubeFleet hub agent in the KubeFleet hub cluster..."
+    kubectl config use-context "$FLEET_HUB_CTX"
+    helm upgrade --install hub-agent ./charts/hub-agent/ \
+        --set image.pullPolicy=Always \
+        --set image.repository="$REGISTRY/$HUB_AGENT_IMAGE" --set image.tag="$TAG" \
+        --set namespace=fleet-system \
+        --set logVerbosity=5 \
+        --set enableWebhook=false --set webhookClientConnectionType=service \
+        --set forceDeleteWaitTime="1m0s" \
+        --set clusterUnhealthyThreshold="3m0s" \
+        --set logFileMaxSize=100000 \
+        --set MaxConcurrentClusterPlacement=200 \
+        --set resourceSnapshotCreationMinimumInterval="$RESOURCE_SNAPSHOT_CREATION_MINIMUM_INTERVAL" \
+        --set resourceChangesCollectionDuration="$RESOURCE_CHANGES_COLLECTION_DURATION"
+}
+
+function set_up_kubefleet_member_cluster_access() {  # $1 - member cluster name; $2 - its kubeconfig context.
+    echo "Creating the service account for KubeFleet member cluster $1..."
+    kubectl config use-context "$FLEET_HUB_CTX"
+    kubectl create serviceaccount "fleet-member-agent-$1" -n fleet-system
+    cat <<EOF | kubectl apply -f -
+apiVersion: v1
+kind: Secret
+metadata:
+  name: fleet-member-agent-$1-sa
+  namespace: fleet-system
+  annotations:
+    kubernetes.io/service-account.name: fleet-member-agent-$1
+type: kubernetes.io/service-account-token
+EOF
+    echo "Adding the service account token to the KubeFleet member cluster $1..."
+    local TOKEN=$(kubectl get secret "fleet-member-agent-$1-sa" -n fleet-system -o jsonpath='{.data.token}' | base64 -d)
+    [[ -n "$TOKEN" ]] || { echo "No token found in secret fleet-member-agent-$1-sa; not updating cluster $1." >&2; return 1; }
+    kubectl config use-context "$2"
+    kubectl delete secret hub-kubeconfig-secret --ignore-not-found
+    kubectl create secret generic hub-kubeconfig-secret --from-literal=token="$TOKEN"
+}
+
+# Installs (or upgrades) the member-agent chart on member cluster $1 (kubeconfig context $2). The chart path is
+# relative (KubeFleet checkout); reads FLEET_HUB_ADDR, REGISTRY, TAG, the *_IMAGE names and PROPERTY_PROVIDER.
+function install_kubefleet_member_agent() {
+    echo "Installing KubeFleet member agent in the KubeFleet member cluster $1..."
+    kubectl config use-context "$2"
+
+    helm upgrade --install member-agent ./charts/member-agent/ \
+        --set config.hubURL="$FLEET_HUB_ADDR" \
+        --set image.repository="$REGISTRY/$MEMBER_AGENT_IMAGE" --set image.tag="$TAG" \
+        --set refreshtoken.repository="$REGISTRY/$REFRESH_TOKEN_IMAGE" --set refreshtoken.tag="$TAG" \
+        --set image.pullPolicy=Always \
+        --set refreshtoken.pullPolicy=Always \
+        --set config.memberClusterName="$1" \
+        --set logVerbosity=5 \
+        --set namespace=fleet-system \
+        --set enableV1Alpha1APIs=false \
+        --set enableV1Beta1APIs=true \
+        --set propertyProvider="$PROPERTY_PROVIDER"
+}
+
+# Registers cluster $1 on the hub as a MemberCluster whose identity is service account fleet-member-agent-$1.
+function create_member_cluster_object() {
+    echo "Creating KubeFleet MemberCluster API object for cluster $1 in the hub cluster..."
+    kubectl config use-context "$FLEET_HUB_CTX"
+    cat <<EOF | kubectl apply -f -
+apiVersion: cluster.kubernetes-fleet.io/v1beta1
+kind: MemberCluster
+metadata:
+  name: $1
+spec:
+  identity:
+    name: fleet-member-agent-$1
+    kind: ServiceAccount
+    namespace: fleet-system
+    apiGroup: ""
+EOF
+}
+
+# Installs the hub agent, then joins $MEMBER_1..3 to the fleet (hub token, member agent, MemberCluster object).
+# Sets the global FLEET_HUB_ADDR. The chart paths used are relative and the final popd leaves the current directory.
+function set_up_kubefleet() {
+    echo "Setting up the KubeFleet hub cluster..."
+    install_kubefleet_hub_agent
+
+    echo "Setting up the KubeFleet member clusters..."
+    FLEET_HUB_ADDR="https://$(az aks show --resource-group "$RG" --name "$FLEET_HUB" --query "fqdn" -o tsv):443"
+    set_up_kubefleet_member_cluster_access "$MEMBER_1" "$MEMBER_1_CTX"
+    install_kubefleet_member_agent "$MEMBER_1" "$MEMBER_1_CTX"
+    create_member_cluster_object "$MEMBER_1"
+
+    set_up_kubefleet_member_cluster_access "$MEMBER_2" "$MEMBER_2_CTX"
+    install_kubefleet_member_agent "$MEMBER_2" "$MEMBER_2_CTX"
+    create_member_cluster_object "$MEMBER_2"
+
+    set_up_kubefleet_member_cluster_access "$MEMBER_3" "$MEMBER_3_CTX"
+    install_kubefleet_member_agent "$MEMBER_3" "$MEMBER_3_CTX"
+    create_member_cluster_object "$MEMBER_3"
+    popd
+}
\ No newline at end of file
diff --git a/multi-cluster-ai-with-kaito/litellm/README.md b/multi-cluster-ai-with-kaito/litellm/README.md
new file mode 100644
index 0000000..fda2e96
--- /dev/null
+++ b/multi-cluster-ai-with-kaito/litellm/README.md
@@ -0,0 +1,79 @@
+# Instructions for setting up the LiteLLM proxy
+
+This document provides additional instructions for setting up the LiteLLM proxy in your environment.
+
+## Before you begin
+
+* Make sure that you have completed other parts of the tutorial.
+* Set up a PostgreSQL database server, which LiteLLM requires for storing information.
+    * Any PostgreSQL installation should work, as long as the Kubernetes clusters you have created in this
+    tutorial can access the PostgreSQL instance. You may use an
+    [Azure DB for PostgreSQL instance](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/quickstart-create-server),
+    or deploy a PostgreSQL operator inside the query routing cluster.
+    * After the PostgreSQL database server is set up, create a database `litellm` in the server.
+
+        ```sql
+        CREATE DATABASE litellm;
+        ```
+    
+    * Write down the address of the server, the password of the default `postgres` user, and a username/password combo that LiteLLM
+    will use to access the server.
+
+## Setting up LiteLLM
+
+* Edit the `secret.yaml` file in the directory, replace `POSTGRES-PASSWORD`, `YOUR-USERNAME`, and `YOUR-PASSWORD` with
+the password of the default `postgres` user, and the username/password for the account that LiteLLM will use respectively.
+* Edit the `values.yaml` file in the directory, replace `YOUR-POSTGRES-ENDPOINT` with the address of your PostgreSQL database server.
+    * You may notice various other placeholders in the file; it is OK to leave them as they are.
+* Switch to the current directory, and run the command below to deploy the LiteLLM proxy:
+
+    ```sh
+    helm install litellm --values ./values.yaml oci://ghcr.io/berriai/litellm-helm:0.1.742 --namespace litellm --create-namespace
+    kubectl apply -f ./secret.yaml
+    ```
+
+    It may take a few moments before the LiteLLM proxy starts up.
+
+* LiteLLM will create a secret in the `litellm` namespace, `litellm-masterkey`, that contains the password of the `admin` user, which
+you can use to access the LiteLLM UI. To retrieve the password, run the command below:
+
+    ```sh
+    kubectl get secret -n litellm litellm-masterkey -o jsonpath='{.data.masterkey}' | base64 -d
+    ```
+
+    Write down the output. Depending on the shell program you use, you may see a percent sign `%` at the end of the output,
+    which indicates a missing newline character; ignore it: for example, if the output is `123456%`, the password
+    should be `123456`.
+
+* Port forward the LiteLLM service:
+
+    ```sh
+    export LITELLM_FORWARDING_PORT=10000
+    kubectl port-forward svc/litellm -n litellm $LITELLM_FORWARDING_PORT:4000
+    ```
+
+* Open a browser window, and go to `localhost:10000/ui`. You should see that the LiteLLM UI loads up. If prompted for username/password,
+use the username `admin` and the master password you just wrote down.
+
+* On the left panel, click `Models + Endpoints`. Then switch to the `Add Model` tab.
+
+* Add a new model using the setup below:
+
+    * For the `Provider` part, pick `OpenAI-Compatible Endpoints`.
+    * For the `LiteLLM Model Name(s)` part, type `openai/auto`.
+    * For the `Mode` part, pick `Chat - /chat/completions`.
+    * For the `API Base` part, type `http://inference-gateway-istio.default.svc.cluster.local/v1` if you haven't updated the name of
+    the inference gateway when you set up the environment; replace `inference-gateway` with the value of your own if the name
+    has been modified.
+    * No need to change other parts.
+
+* Click the `Test Connect` button; you should see a connection successful message.
+* Click the `Add Model` button to add the model.
+
+* On the left panel, click `Test Key`.
+
+* Make sure that in the `Configurations` panel, the model `openai/auto` has been selected and the endpoint type is `/v1/chat/completions`.
+
+* You can now use the chat panel to interact with the models. 
+    * Note that conversational continuity may cause your messages to keep landing on the same model; remember to clear the chat history
+    using the `Clear Chat` button as necessary.
diff --git a/multi-cluster-ai-with-kaito/litellm/secret.yaml b/multi-cluster-ai-with-kaito/litellm/secret.yaml
new file mode 100644
index 0000000..f3007f8
--- /dev/null
+++ b/multi-cluster-ai-with-kaito/litellm/secret.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: litellm
+  name: postgres
+stringData:  # plain-text values; `data:` would require each value to be base64-encoded
+  # Password for the "postgres" user
+  postgres-password: POSTGRES-PASSWORD
+  username: YOUR-USERNAME  # account LiteLLM uses to access the server
+  password: YOUR-PASSWORD
+type: Opaque
\ No newline at end of file
diff --git a/multi-cluster-ai-with-kaito/litellm/values.yaml b/multi-cluster-ai-with-kaito/litellm/values.yaml
new file mode 100644
index 0000000..213e737
--- /dev/null
+++ b/multi-cluster-ai-with-kaito/litellm/values.yaml
@@ -0,0 +1,28 @@
+db:
+  deployStandalone: false
+  # Use an existing PostgreSQL server/cluster (standalone deployment is disabled above)
+  useExisting: true
+
+  # How to connect to the existing server; replace YOUR-POSTGRES-ENDPOINT with its address
+  endpoint: YOUR-POSTGRES-ENDPOINT
+  database: litellm
+  url: postgresql://$(DATABASE_USERNAME):$(DATABASE_PASSWORD)@$(DATABASE_HOST)/$(DATABASE_NAME)
+  secret:
+    name: postgres  # same name as the Secret defined in secret.yaml in this directory
+    usernameKey: username
+    passwordKey: password
+
+# The elements within proxy_config are rendered as config.yaml for the proxy
+#  Examples: https://github.com/BerriAI/litellm/tree/main/litellm/proxy/example_config_yaml
+#  Reference: https://docs.litellm.ai/docs/proxy/configs
+proxy_config:
+  model_list:
+    # At least one model must exist for the proxy to start; this placeholder entry need not point to a real model.
+    - model_name: phi-4 # used in litellm proxy
+      litellm_params:
+        model: openai/$KAITO_MODEL_NAME  # openai prefix is required
+        api_key: fake-key
+        api_base: http://$WORKSPACE_SVC/v1
+  general_settings:
+    master_key: os.environ/PROXY_MASTER_KEY
+    store_model_in_db: true
diff --git a/multi-cluster-ai-with-kaito/semantic_router.sh b/multi-cluster-ai-with-kaito/semantic_router.sh
new file mode 100644
index 0000000..ab85916
--- /dev/null
+++ b/multi-cluster-ai-with-kaito/semantic_router.sh
@@ -0,0 +1,57 @@
+function set_up_semantic_router() {
+    # Installs the semantic router chart in MEMBER_3 and applies an EnvoyFilter in the default namespace.
+    echo "Setting up semantic router in member cluster $MEMBER_3..."
+    kubectl config use-context "$MEMBER_3_CTX"
+    # The chart path is relative, so the working directory must contain charts/.
+    helm upgrade --install semantic-router charts/semantic-router.tgz \
+        --namespace vllm-semantic-router-system \
+        --create-namespace \
+        --set namespace.create=false
+    # Insert an ext_proc filter before the router filter on gateway listeners; quoted EOF keeps the YAML literal.
+    kubectl apply -f - <<'EOF'
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: semantic-router
+  namespace: default
+spec:
+  configPatches:
+  - applyTo: HTTP_FILTER
+    match:
+      context: GATEWAY
+      listener:
+        filterChain:
+          filter:
+            name: envoy.filters.network.http_connection_manager
+            subFilter:
+              name: envoy.filters.http.router
+    patch:
+      operation: INSERT_BEFORE
+      value:
+        name: envoy.filters.http.ext_proc
+        typed_config:
+          '@type': type.googleapis.com/envoy.extensions.filters.http.ext_proc.v3.ExternalProcessor
+          allow_mode_override: true
+          failure_mode_allow: true
+          grpc_service:
+            envoy_grpc:
+              cluster_name: outbound|50051||semantic-router.vllm-semantic-router-system.svc.cluster.local
+            timeout: 30s
+          max_message_timeout: 600s
+          message_timeout: 300s
+          mutation_rules:
+            allow_all_routing: false
+            allow_envoy: false
+            disallow_system: true
+          processing_mode:
+            request_body_mode: BUFFERED
+            request_header_mode: SEND
+            request_trailer_mode: SKIP
+            response_body_mode: BUFFERED
+            response_header_mode: SEND
+            response_trailer_mode: SKIP
+EOF
+
+    # NOTE(review): no pushd is visible in this function; presumably it pairs with one made by an earlier step -- confirm.
+    popd
+}
\ No newline at end of file
diff --git a/multi-cluster-ai-with-kaito/setup.sh b/multi-cluster-ai-with-kaito/setup.sh
new file mode 100755
index 0000000..933007f
--- /dev/null
+++ b/multi-cluster-ai-with-kaito/setup.sh
@@ -0,0 +1,95 @@
+#!/bin/bash
+set -o errexit
+set -o nounset
+set -o pipefail
+
+# Required variables.
+if [ -z "$SUBSCRIPTION" ]; then
+    echo "Variable SUBSCRIPTION is not set"
+    exit 1
+fi
+
+# Default configuration for the setup.
+RG="${RG:-kubefleet-kaito-demo-2025}"
+LOCATION="${LOCATION:-eastus}"
+VNET="${VNET:-shared-vnet}"
+VNET_ADDR_PREFIX="${VNET_ADDR_PREFIX:-'10.0.0.0/8'}"
+SUBNET_1="${SUBNET_1:-aks-subnet-1}"
+SUBNET_1_ADDR_PREFIX="${SUBNET_1_ADDR_PREFIX:-'10.1.0.0/16'}"
+SUBNET_2="${SUBNET_2:-aks-subnet-2}"
+SUBNET_2_ADDR_PREFIX="${SUBNET_2_ADDR_PREFIX:-'10.2.0.0/16'}"
+SUBNET_3="${SUBNET_3:-aks-subnet-routing}"
+SUBNET_3_ADDR_PREFIX="${SUBNET_3_ADDR_PREFIX:-'10.3.0.0/16'}"
+FLEET_HUB="${FLEET_HUB:-hub-cluster}"
+MEMBER_1="${MEMBER_1:-model-serving-cluster-1}"
+MEMBER_2="${MEMBER_2:-model-serving-cluster-2}"
+MEMBER_3="${MEMBER_3:-query-routing-cluster}"
+ACR="${ACR:-kubefleetkaitodemo2025$(echo $RANDOM | md5sum | head -c 6)}"
+VM_SIZE="${VM_SIZE:-Standard_D4s_v3}"
+GPU_VM_SIZE="${GPU_VM_SIZE:-Standard_NC24ads_A100_v4}"
+DEEPSEEK_WORKSPACE="${DEEPSEEK_WORKSPACE:-workspace-deepseek-r1-distill-qwen-14b}"
+PHI4_WORKSPACE="${PHI4_WORKSPACE:-workspace-phi-4}"
+DEEPSEEK_MODEL="${DEEPSEEK_MODEL:-deepseek-r1-distill-qwen-14b}"
+PHI4_MODEL="${PHI4_MODEL:-phi-4}"
+DEEPSEEK_INF_POOL_INSTALLATION="${DEEPSEEK_INF_POOL_INSTALLATION:-deepseek}"
+PHI4_INF_POOL_INSTALLATION="${PHI4_INF_POOL_INSTALLATION:-phi4}"
+MEMBER_1_CTX=$MEMBER_1-admin
+MEMBER_2_CTX=$MEMBER_2-admin
+MEMBER_3_CTX=$MEMBER_3-admin
+FLEET_HUB_CTX=$FLEET_HUB-admin
+INFERENCE_GATEWAY="inference-gateway"
+
+# The configuration below are for the KubeFleet setup; in most cases they do not need to be changed.
+HUB_AGENT_IMAGE="hub-agent"
+MEMBER_AGENT_IMAGE="member-agent"
+REFRESH_TOKEN_IMAGE="refresh-token"
+PROPERTY_PROVIDER="azure"
+RESOURCE_SNAPSHOT_CREATION_MINIMUM_INTERVAL="0m"
+RESOURCE_CHANGES_COLLECTION_DURATION="0m"
+REGISTRY="$ACR.azurecr.io"
+TAG="demo"
+
+# The configuration below are for the Istio setup; in most cases they do not need to be changed.
+ISTIO_TAG=1.28.0-beta.1
+
+# Source the utility functions.
+source ./azresources.sh
+source ./kubefleet_setup.sh
+source ./istio.sh
+source ./kaito.sh
+source ./kubefleet_placement.sh
+source ./semantic_router.sh
+
+# Log in to Azure CLI and set the subscription to use.
+az login
+az account set --subscription $SUBSCRIPTION
+
+# Set up the Azure resource group.
+echo "Creating resource group $RG in location $LOCATION..."
+az group create --name $RG --location $LOCATION
+
+# Set up the Azure networking resources.
+create_azure_vnet
+create_azure_vnet_subnets
+
+# Set up the AKS clusters.
+create_aks_clusters
+
+# Set up the ACR.
+create_acr
+
+# Set up KubeFleet.
+build_kubefleet_images
+set_up_kubefleet
+
+# Set up Istio.
+set_up_istio
+
+# Set up Kaito.
+set_up_kaito
+
+# Place resources via KubeFleet.
+place_resources_via_kubefleet
+
+# Set up semantic router.
+set_up_semantic_router