I’m reading about SPIFFE / SPIRE at the moment in the form of the official project ebook. I’m going to list it here because if I read 194 pages I am going to write it up, regardless of if the book has been formally published or not.
This book is probably the best introduction to SPIFFE / SPIRE I’ve seen. There are a lot of videos covering the basics in a relatively superficial way, and many blog posts along the same lines too, but I felt this was the best way I’ve found to really “get” what SPIFFE is trying to do.
However, I did think it was a bit weird for this ebook to admonish me to ensure I have good runbooks for my environment in case something goes wrong, but of course the SPIFFE / SPIRE projects do not provide reasonable default runbooks as a starting point.
Is asking software projects to include operational runbooks in their documentation unreasonable? I get that they’d have to be customized depending on deployment choices, but why is it that we expect end-users to produce runbooks from scratch instead of giving them a starting point to work from?