Anthos Service Mesh provides powerful and flexible APIs that you can use to configure your mesh. However, without proper management of these resources, your mesh might expose security vulnerabilities. Integrating Policy Controller with Anthos Service Mesh security policy constraints can help enforce security best practices in your mesh and prevent vulnerabilities.
This page assumes you are already familiar with policy constraints. For more information, see Constraint template library.
Constraint templates
When installing Policy Controller, make sure to select Install default template library. This option deploys all of the Anthos Service Mesh security policy constraint templates needed for your mesh. See Constraint template library for the Anthos Service Mesh security constraint templates, which are prefixed with Asm.
Constraints bundle
We offer an out-of-the-box constraints bundle for Anthos Service Mesh security policy. For the bundle details and instructions, see Using Anthos Service Mesh security policies.
Add-on constraints
Besides the constraints from the bundle, some constraint templates are installed with the default template library but have no constraints included in the security policy bundle. These constraint templates serve specific use cases, and you can configure your own constraints from them.