Cloud Service Mesh security policy constraints
This guide does not support the TRAFFIC_DIRECTOR control plane implementation.
Cloud Service Mesh with Istio APIs provides you with powerful and flexible APIs that you can use to configure your mesh. However, without proper management of these resources, your mesh might expose security vulnerabilities. Integrating Policy Controller with Cloud Service Mesh security policy constraints helps enforce security best practices on your mesh and prevent vulnerabilities.
This page assumes you are already familiar with policy constraints.
Constraints templates
When you install Policy Controller, select Install default template library. This option deploys all of the Cloud Service Mesh security policy constraint templates needed for your mesh. For a full list of the Cloud Service Mesh security constraint templates, see the Constraint template library and look for templates that are prefixed with Asm.
Constraints bundle
We offer an out-of-the-box constraints bundle for Cloud Service Mesh security policy. For the bundle details and instructions, see Using Cloud Service Mesh security policies.
To follow a tutorial that shows you how to apply this bundle, see Strengthen your app's security with Cloud Service Mesh, Config Sync, and Policy Controller.
Add-on constraints
Some constraint templates are installed with the default template library but are not included in the security policy bundle. These constraint templates serve specific use cases, and you can configure your own constraints: