Anthos Service Mesh security policy constraints

Anthos Service Mesh provides powerful and flexible APIs that you can use to configure your mesh. However, without proper management over these resources, your mesh might expose security vulnerabilities. Integrating Policy Controller with Anthos Service Mesh security policy constraints can help enforce your mesh with security best practices and prevent vulnerabilities.

This page assumes you are already familiar with policy constraints. For more information, see Constraint template library.

Constraints templates

When Installing Policy Controller, make sure to select Install default template library. This option deploys all of the Anthos Service Mesh security policy constraint templates needed for your mesh. See Constraint template library for Anthos Service Mesh security constraint templates which are prefixed with Asm.

Constraints bundle

We offer an out-of-box constraints bundle for Anthos Service Mesh security policy. For the bundle details and instructions, see Using Anthos Service Mesh security polices.

Add-on constraints

Besides the constraints from the bundle, some constraint templates are installed with default template library but with no constraints included in the security policy bundle. These constraint template serve specific use cases, and you can configure your own constraints.