I attached the ziti-edge-tunnel just to emulate "some other machine" on that 'blue' network. Basically that ziti-edge-tunnel will connect to any configured Edge Router in your overlay. In the docker-compose quickstart, that's only going to be the one "ziti-edge-router" container. That will provide access into the 'blue' network from that identity.
Your question #3 touches on this topic too - can't the same be done without the ziti-edge-tunnel by using the router deployed into the blue / red network with "tunneler" mode activated on it? That works with the edge enabled, yes. Just change the docker-compose file you start by updating two lines in the compose file so that ziti-private-red and ziti-private-blue use edge, not private:
command: "/openziti/scripts/run-router.sh edge"
instead of what is currently there:
command: "/openziti/scripts/run-router.sh private"
Realistically "nothing" yet. The idea is to just illustrate the concept that OpenZiti is a full mesh and there are routers which are not used for 'edge' and are just used for transit. The idea in my head is to some day tune the paths in the fabric and steer/shape traffic accordingly. I don't have any doc on doing that yet so - totally not needed.
The wss one is to support an upcoming (and exciting) thing we call browzer. Browzer provides zero trust connectivity into your browser without needing to install a plugin. You can watch the YouTube channel for @curt posting about browzer but - for now you don't need that either...
The 'simplest' compose file is actually https://github.com/openziti/ziti/blob/release-next/quickstart/docker/simplified-docker-compose.yml . This is nothing more than just controller, one edge router, and ZAC. I tend to deploy the "non-simplified" one just because I like having the extra networks, routers to play with...