Ahhh, ok.  That's actually a lot more simple than I thought it was.  So I've already got a config and when I turn on the VDOMs all my rules fall under "Root".  I think I'll take a backup and then modify the backup to move those interfaces from "Root" to the "Primary_DR".  

I figured out that you've got to create those interfaces under the global vdom.  I've figured out how to manipulate a backup config file so that all my existing rules that automatically get moved to "root" can end up under "Primary_DR" where I would like them.  However, I'm lost on the routing.  How do I route either of the non-root VDOMs to port5?  It's not an option when I go to create a static route.  The only VDOM that even sees port5 is the root vdom.  Likewise, I'm not sure how P2P IPSec VPN tunnels would work as the VDOMs don't see the "outside" interface.  Is this where I need to create the Inter-VDOM links explained in the link supplied earlier?  Then my "outside" interface for each VDOM becomes the link between the specific VDOM and the "Root" VDOM?

Ok, so the individual vlan interfaces are set up under global, with the vlan interface being called out as belonging to an individual VDOM there.  That makes sense for the inside interfaces.  However, how do you share like 1 single outside interface?  Would Root have the outside interface in it's vdom with the routing assigned at the Root VDOM.  Then like Primary_DR and Bubble_Test would each have an inter VDOM link to root?  How does Root know to route traffic to Primary_DR or Bubble_Test?  Like Primary_DR will have IPSec VPN connections, but Bubble_Test will just have SSL VPN. 
It seems like VDOMs are easy if you are assigning a physical interface to each vdom and there are several videos that I've found on youtube explaining that.  However, when all the VDOMs share physical 1 ingress and physical 1 egress things get a lot muddier and I can't find any good documentation or videos on it. 

I've got an old FortGate 50E.  I was able to get it upgraded to 6.2.16 and turn on vdoms.

I created the VLAN interfaces under 1 physical interface.  The Vlan interfaces all have different VLAN IDs but each VDOM has the same IP addresses (which is what production will look like).

I then created the inter-vdom link between Root<>Primary, using 1.1.1.1/30 for root and 1.1.1.2 for Primary.  Then I created the inter-vdom link between Root<>Bubble using 1.1.1.5/30 for root and 1.1.1.6/30 for primary.

Under the Root VDOM I created routes for the 10.81.10.0/24 network to both Primary and Bubble.

Under the Primary VDOM I created a static default route to 0.0.0.0/0 using the 1.1.1.1 gateway IP and the Inter-vdom link as the interface.

Under the Bubble VDOM I created a static default route to 0.0.0.0/0 using the 1.1.1.5 gateway IP and the Inter-vdom link as the interface.

I created firewall rules under each vdom allowing traffic.

Boom..... It works!

I don't understand HOW it works though?  How the heck does the Fortigate know which 10.81.10.0/24 network to route too? I mean there is some serious black magic going on.  It's kind of neat and you're totally right, not all that difficult to set up (if you have the hardware to set it up and play with).

I won't use 1.1.1.x on vdom links. The reason why they are public IP addresses in use (you can ping 1.1.1.1, 2. 3 - APNIC and Cloudflare DNS Resolver project).

You should use a private IP ranges for transport networks. So choose a /24 that you are not planning to use, divide in /30 subnets and replace the 1.1.1.x/30 assigned. 

Regarding your setup, root vdom does not know which 10.81.10.0/24 you are referring to. You can run 'diag sniffer packet any "host 10.81.10.x and icmp" (replace x by the ip address assigned) on root vdom and you will figure out which vdom the traffic is being sent (Primary or Bubble).