Lee Calcote and Maximiliano Churichi gave a presentation entitled "Extending Docker with Meshery, SPIRE, and Istio" at DockerCon 2022.
Lee Calcote is an innovative product and technology leader, passionate about empowering engineers and enabling organizations. As the founder and CEO of Layer5, he is at the forefront of the cloud native movement.
Maximiliano Churichi is a Software Engineer at Hewlett Packard Enterprise, working in the Security Engineering team, and fully engaged in open source technologies, passionate about service mesh and cloud-native security.
Cloud Native Management

Lee Calcote introduces Meshery as a Cloud Native Management Plane, stating:
Meshery does Lifecycle and Performance Management of 10 different service meshes; more than that, it helps with configuration management with Kubernetes, and with the Meshery Docker Extension it does the same for the Docker Compose application.
As a Docker Captain, Lee has always been a proponent of Docker, particularly its enablement of developer workflows. Docker Extensions bring an integrated experience with ecosystem tooling like Meshery — a critical tool for developers configuring and managing cloud native applications.
Cloud Native Identity
Maximiliano Churichi briefly explains Cloud Native Identity and HPE's open source Project Mithril:
SPIFFE (Secure Production Identity Framework For Everyone) is a CNCF-incubated project that defines standards for identifying and securing communications between application services. The SPIRE project is a production-ready reference implementation of these principles, offering APIs for attestation policies, certificate issuance, and rotation.

Maximiliano explains how HPE's Project Mithril integrates SPIRE and Istio to strengthen service identity in the data plane. Project Mithril leverages the service management capabilities of Istio and the strong identity-by-attestation principles of SPIFFE and SPIRE to deliver robust and flexible attestation beyond Kubernetes namespaces and service accounts. It provides end-to-end secure workload attestation based on zero-trust principles, regardless of workload location.
Improvements from Project Mithril have been upstreamed into Istio and are expected in Istio 1.14, enabling users to leverage SPIRE for SPIFFE identity management and stronger attestation mechanisms.
How the Docker Extension for Meshery enables single-click deployment

The new Meshery Docker Extension brings Layer5 MeshMap, the world's only visual designer for Kubernetes and service mesh deployments, to millions of developers’ desktops. Developers and operators can visually configure and operate cloud native infrastructure using MeshMap’s low-code visual designer.
Maximiliano Churichi of HPE describes how Meshery conveniently integrates multiple services into Docker:
Kubernetes and service mesh support for your Docker Compose apps — Import Docker Compose apps and deploy them to Kubernetes or any service mesh.
Visual design of Kubernetes applications — Use MeshMap as a visual topology designer for Docker Compose, Kubernetes workloads, CRDs, and operators.
Single-click deployment — 250+ Kubernetes operators and 60+ cloud services ready to use alongside Docker Desktop’s local Kubernetes.
Detection of Kubernetes environments — Scan kubeconfigs, switch clusters, or manage them concurrently.
Maximiliano demonstrates MeshMap

Designer Mode
Design a service mesh deployment with applications and Envoy filters from scratch, or customize deployments from patterns.

Visualizer Mode
Examine a visual topology of your Kubernetes cluster and its services. View logs from pods and open interactive terminals to containers.

Lee Calcote and Maximiliano Churichi packed a great deal of information into this talk. Watch the recording above! The Meshery Extension is now out—try it and share your experience!


