Hello again,
So I have another question about the quickstart. I ask for your forbearance; the quickstart is what I have the most experience with and I am trying to reconcile what I do and don't need for a really simple, repeatable production instance.
If you search the forum for opinionated, two of the results essentially say the quickstart is very opinionated. I have also had a chance to see how the quickstart script walks through the creation of the PKI. What I am unsure about is what is truly opinionated and what is just a sane default?
For instance, when I think of something being opinionated, I think of the fork of neovim vs vim, the former makes architectural decisions that vary greatly from the latter. Another example would be zsh vs fish for shells, very opinionated when it comes to POSIX compatibility, for instance.
So, with that in mind, does the quickstart believe a certain way of approaching the process is inherently better and provides actions crafted around that approach? Or, does it instead make assumptions, and without providing information to override them, it simply proceeds with those assumptions?
For instance, below is the tree of the volume created by the quickstart in Docker. What in this tree is Opinionated and what is simply an Assumption?
root@ziti-dev:/var/lib/docker/volumes# tree
.
├── backingFsBlockDev
├── metadata.db
└── ziti_ziti-fs
    └── _data
        ├── access-control.init
        ├── db
        │   └── ctrl.db
        ├── pki
        │   ├── cas.pem
        │   ├── signing.pem
        │   ├── ziti-dev.jptech.corp-intermediate
        │   │   ├── certs
        │   │   │   ├── ziti-dev.jptech.corp-client.cert
        │   │   │   ├── ziti-dev.jptech.corp-intermediate.cert
        │   │   │   ├── ziti-dev.jptech.corp-intermediate.chain.pem
        │   │   │   ├── ziti-dev.jptech.corp-server.cert
        │   │   │   └── ziti-dev.jptech.corp-server.chain.pem
        │   │   ├── crlnumber
        │   │   ├── crls
        │   │   ├── index.txt
        │   │   ├── index.txt.attr
        │   │   ├── keys
        │   │   │   ├── ziti-dev.jptech.corp-client.key
        │   │   │   ├── ziti-dev.jptech.corp-intermediate.key
        │   │   │   └── ziti-dev.jptech.corp-server.key
        │   │   └── serial
        │   ├── ziti-dev.jptech.corp-root-ca
        │   │   ├── certs
        │   │   │   ├── ziti-dev.jptech.corp-intermediate.cert
        │   │   │   └── ziti-dev.jptech.corp-root-ca.cert
        │   │   ├── crlnumber
        │   │   ├── crls
        │   │   ├── index.txt
        │   │   ├── index.txt.attr
        │   │   ├── keys
        │   │   │   ├── ziti-dev.jptech.corp-intermediate.key
        │   │   │   └── ziti-dev.jptech.corp-root-ca.key
        │   │   └── serial
        │   ├── ziti-edge-controller-intermediate
        │   │   ├── certs
        │   │   │   ├── ziti-dev.jptech.corp-client.cert
        │   │   │   ├── ziti-dev.jptech.corp-server.cert
        │   │   │   ├── ziti-dev.jptech.corp-server.chain.pem
        │   │   │   ├── ziti-edge-controller-intermediate.cert
        │   │   │   └── ziti-edge-controller-intermediate.chain.pem
        │   │   ├── crlnumber
        │   │   ├── crls
        │   │   ├── index.txt
        │   │   ├── index.txt.attr
        │   │   ├── keys
        │   │   │   ├── ziti-dev.jptech.corp-client.key
        │   │   │   ├── ziti-dev.jptech.corp-server.key
        │   │   │   └── ziti-edge-controller-intermediate.key
        │   │   └── serial
        │   ├── ziti-edge-controller-root-ca
        │   │   ├── certs
        │   │   │   ├── ziti-edge-controller-intermediate.cert
        │   │   │   └── ziti-edge-controller-root-ca.cert
        │   │   ├── crlnumber
        │   │   ├── crls
        │   │   ├── index.txt
        │   │   ├── index.txt.attr
        │   │   ├── keys
        │   │   │   ├── ziti-edge-controller-intermediate.key
        │   │   │   └── ziti-edge-controller-root-ca.key
        │   │   └── serial
        │   ├── ziti-signing-intermediate
        │   │   ├── certs
        │   │   │   ├── ziti-signing-intermediate.cert
        │   │   │   └── ziti-signing-intermediate.chain.pem
        │   │   ├── crlnumber
        │   │   ├── crls
        │   │   ├── index.txt
        │   │   ├── index.txt.attr
        │   │   ├── keys
        │   │   │   └── ziti-signing-intermediate.key
        │   │   └── serial
        │   ├── ziti-signing-intermediate_grandparent_intermediate
        │   │   ├── certs
        │   │   │   ├── ziti-signing-intermediate.cert
        │   │   │   ├── ziti-signing-intermediate_grandparent_intermediate.cert
        │   │   │   └── ziti-signing-intermediate_grandparent_intermediate.chain.pem
        │   │   ├── crlnumber
        │   │   ├── crls
        │   │   ├── index.txt
        │   │   ├── index.txt.attr
        │   │   ├── keys
        │   │   │   ├── ziti-signing-intermediate.key
        │   │   │   └── ziti-signing-intermediate_grandparent_intermediate.key
        │   │   └── serial
        │   └── ziti-signing-root-ca
        │       ├── certs
        │       │   ├── ziti-signing-intermediate_grandparent_intermediate.cert
        │       │   └── ziti-signing-root-ca.cert
        │       ├── crlnumber
        │       ├── crls
        │       ├── index.txt
        │       ├── index.txt.attr
        │       ├── keys
        │       │   ├── ziti-signing-intermediate_grandparent_intermediate.key
        │       │   └── ziti-signing-root-ca.key
        │       └── serial
        ├── scripts
        ├── ziti-dev-router.jptech.corp.cas
        ├── ziti-dev-router.jptech.corp.cert
        ├── ziti-dev-router.jptech.corp.jwt
        ├── ziti-dev-router.jptech.corp.key
        ├── ziti-dev-router.jptech.corp.log
        ├── ziti-dev-router.jptech.corp.server.chain.cert
        ├── ziti-dev-router.jptech.corp.yaml
        ├── ziti-dev.jptech.corp.yaml
        └── ziti.env

34 directories, 79 files