Extending Docker with Meshery, SPIRE, and Istio

Lee Calcote is an innovative product and technology leader, passionate about empowering engineers and enabling organizations. As the founder and CEO of Layer5, he is at the forefront of the cloud native movement.

Maximiliano Churichi is a Software Engineer at Hewlett Packard Enterprise, working in the Security Engineering team, and fully engaged in open source technologies, passionate about service mesh and cloud-native security.

"As a Docker Captain, Lee have always been a proponent of Docker, and in particular its enablement of developer workflows", "Now, Docker Extensions bring an integrated experience with ecosystem tooling, like Meshery - a critical tool for developers, who are configuring and managing cloud native applications."

Cloud Native Identity

Maximiliano Churichi briefly explains about Cloud Native Identity and HPE's open source Project Mithril, "SPIFFE (Secure Production Identity Framework For Everyone) is a CNCF-incubated project that defines a set of standards for identifying and securing communications between application services. The SPIRE project (another CNCF project), the SPIFFE Runtime Environment, is a production-ready reference implementation of the SPIFFE principles, and additionally it also implements a set of APIs for controlling attestation policies, and coordinate certificate issuance and rotation."

Maximiliano also tells how HPE's Project Mithril integrates SPIRE and Istio to strengthen service identity in the data plane. Project Mithril leverages the service management capabilities of Istio and the strong identity by attestation principles of SPIFFE and SPIRE to deliver robust and flexible attestation beyond Kubernetes namespaces and service accounts, and provide end-to-end secure attestation of workloads based on zero trust principles regardless of the location of such workloads. The improvements introduced by Project Mithril were already upstreamed into Istio, and are expected to be released in the upcoming Istio 1.14. Starting from this release, Istio users will be able to leverage SPIRE for SPIFFE identities management, and stronger identity attestation mechanisms.

How "Docker Extension for Meshery" helps to deploy with the click of a button?

The new Meshery Docker Extension brings Layer5 MeshMap, the world's only visual designer for Kubernetes and service mesh deployments, to the desktop of millions of developers. Developers and operators alike can visually configure and operate their cloud native infrastructure and applications using MeshMap's low code visual designer.

Maximiliano Churichi, Software Engineer at HPE says how conveniently Meshery integrates different services into Docker.

• Kubernetes and service mesh support for your Docker Compose apps - Import your Docker Compose apps. Configure and deploy them to Kubernetes and any service mesh.
• Visual design of Kubernetes applications - Using MeshMap as a visual topology for designing Docker Compose applications, operating Kubernetes, service meshes, and their workloads.
• Single-click deployment of any service mesh - Support of 10 different service meshes to the fingertips of developers in connection with Docker Desktop’s ability to deliver Kubernetes locally.
• Detection of Kubernetes environments - Scan your kubeconfigs and select your current Kubernetes environment. Switch from one environment to another or manage all clusters concurrently.

Maximiliano demonstrates MeshMap

Designer Mode

Design a service mesh deployment with application and Envoy filter from scratch. Customize a service mesh deployment with application and Envoy filter from pattern.

Visualizer Mode

Examine a visual topology of Kubernetes cluster and its services. View and search log streams from your pod's containers. Connect an interactive terminal to instances of your containers.

Lee Calcote and Maximiliano Churichi packed a great deal of information in this talk. Find the recording below. The Meshery Extension is now out! Try now, and Share your Experience Apply for MeshMap Beta Program