Lee Calcote and Maximiliano Churichi gave a presentation entitled Extending Docker with Meshery, SPIRE, and Istio at DockerCon 2022.

Lee Calcote is an innovative product and technology leader, passionate about empowering engineers and enabling organizations. As the founder and CEO of Layer5, he is at the forefront of the cloud native movement.

Maximiliano Churichi is a Software Engineer at Hewlett Packard Enterprise, working in the Security Engineering team, and fully engaged in open source technologies, passionate about service mesh and cloud-native security.

Cloud Native ManagementMeshery Docker Extension

Lee Calcote introduces Meshery as a Cloud Native Management Plane, stating, "Meshery does Lifecycle and Performance Management of 10 different service meshes more than that it helps with configuration management with Kubernetes and with the Meshery Docker Extension it does same for the Docker Compose application."

"As a Docker Captain, Lee have always been a proponent of Docker, and in particular its enablement of developer workflows", "Now, Docker Extensions bring an integrated experience with ecosystem tooling, like Meshery - a critical tool for developers, who are configuring and managing cloud native applications."

Cloud Native Identity

Maximiliano Churichi briefly explains about Cloud Native Identity and HPE's open source Project Mithril, "SPIFFE (Secure Production Identity Framework For Everyone) is a CNCF-incubated project that defines a set of standards for identifying and securing communications between application services. The SPIRE project (another CNCF project), the SPIFFE Runtime Environment, is a production-ready reference implementaion of the SPIFFE principles, and additionally it also implements a set of APIs for controlling attestation policies, and coordinate certificate issuance and rotation."

Meshery Docker Extension

Maximiliano also tells how HPE's Project Mithril integrates SPIRE and Istio to strengthen service identity in the data plane. Project Mithril leverages the service management capabilities of Istio and the strong identity by attestation principles of SPIFFE and SPIRE to deliver robust and flexible attestation beyond Kubernetes namespaces and service accounts, and provide end-to-end secure attestation of workloads based on zero trust principles regardless of the location of such workloads. The improvements introduced by Project Mithril were already upstreamed into Istio, and are expected to be released in the upcoming Istio 1.14. Starting from this release, Istio users will be able to leverage SPIRE for SPIFFE identities management, and stronger identity attestation mechanisms.

How "Docker Extension for Meshery" helps to deploy with the click of a button?

Meshery Extension MesheryThe new Meshery Docker Extension brings Layer5 MeshMap, the world's only visual designer for Kubernetes and service mesh deployments, to the desktop of millions of developers. Developers and operators alike can visually configure and operate their cloud native infrastructure and applications using MeshMap's low code visual designer.

Maximiliano Churichi, Software Engineer at HPE says how conveniently Meshery integrates different services into Docker.

  • Kubernetes and service mesh support for your Docker Compose apps - Import your Docker Compose apps. Configure and deploy them to Kubernetes and any service mesh.
  • Visual design of Kubernetes applications - Using MeshMap as a visual topology for designing Docker Compose applications, operating Kubernetes, service meshes, and their workloads.
  • Single-click deployment of any service mesh - Support of 10 different service meshes to the fingertips of developers in connection with Docker Desktop’s ability to deliver Kubernetes locally.
  • Detection of Kubernetes environments - Scan your kubeconfigs and select your current Kubernetes environment. Switch from one environment to another one.

Maximiliano demonstrates MeshMap

Layer5 MeshMap in Meshery Docker Extension

Designer Mode
Design a service mesh deployment with application and Envoy filter from scratch. Customize a service mesh deployment with application and Envoy filter from pattern.

MeshMap Designer

Visualizer Mode
Examine a visual topology of Kubernetes cluster and its services. View and search log streams from your pod's containers. Connect an interactive terminal to instances of your containers.

MeshMap Visualizer

Lee Calcote and Maximiliano Churichi packed a great deal of information in this talk. Find the recording below. The Meshery Extension is now out! Try now, and Share your Experience Apply for MeshMap Beta Program

Related Blogs

Layer5, the cloud native management company

An empowerer of engineers, Layer5 helps you extract more value from your infrastructure. Creator and maintainer of service mesh standards. Maker of Meshery, the cloud native management plane.