Monitoring mesh security

The GKE Enterprise Security dashboard provides an at-a-glance view of your applications' current security features as well as a more detailed policy audit view to show you where you can add or enable features to make your application workloads more secure.

This page describes how to use the GKE Enterprise security dashboard to monitor Anthos Service Mesh features.

Monitoring authorization policies

  1. To view the status of authorization policies on the GKE Enterprise security dashboard, go to the Security page in the Google Cloud console.

    Go to GKE Enterprise Security

  2. In the Access control card, click Service access control to view a per-cluster rundown.

    This window lists every cluster in your project, its location, and whether or not authorization policies are in effect. If policies are in effect, you can also view the policy details and the number of blocked service requests. If none of your clusters have an authorization policy, see Authorization policy overview for more information.

  3. If any of your clusters have a policy in effect, click Policy details to view specific details on the Policy audit page.

    This page displays the Workloads running in a single cluster, including the name, namespace, and service access control status. You can select another cluster from the cluster drop-down menu or filter Workloads by selecting a namespace from the namespace drop-down menu.

  4. In the Service access controls column, click Enabled to view the authorization policy for a specific Workload.

    This page displays the authorization policy's name, scope, and creation date. You can also view the entire authorization policy YAML by clicking the down arrow icon or anywhere on the row.

Monitoring mTLS policies

  1. To view the status of mTLS policies on the GKE Enterprise security dashboard, go to the Security page in the Google Cloud console.

    Go to GKE Enterprise Security

  2. In the Authentication card, click mutual TLS (mTLS) to view a per-cluster rundown.

    This window lists every cluster in your project, its location, and whether or not mTLS is enabled. If mTLS is enabled, you can also view the policy details.

    If none of your clusters have mTLS enabled, see Configuring mTLS.

  3. If any of your clusters have mTLS enabled, click Policy details to view specific details on the Policy audit page.

    This page displays the Workloads running in a single cluster, including the name, namespace, and mTLS details. You can select another cluster from the cluster drop-down menu or filter Workloads by selecting a namespace from the namespace drop-down menu.

  4. In the mTLS details column, click Strict, Permissive, or Disabled to view the mTLS details for a specific Workload.

    This page displays the name, scope, mode, and creation date. You can also view the entire mTLS YAML by clicking the down arrow icon or anywhere on the row.
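
To cross-check the mode shown in the mTLS details column, the following added example (not part of the original page or of Google's tooling) resolves each workload's effective mTLS mode from PeerAuthentication objects using Istio's precedence: workload selector first, then namespace-wide, then mesh-wide. It assumes the root namespace is `istio-system`, uses constructed sample policies and workloads, and does not handle port-level overrides.

```python
ROOT_NS = "istio-system"  # assumption: default Istio root namespace

def pa(name, ns, created, mode, labels=None):
    """Build a trimmed PeerAuthentication dict (constructed sample data)."""
    spec = {"mtls": {"mode": mode}}
    if labels:
        spec["selector"] = {"matchLabels": labels}
    return {"metadata": {"name": name, "namespace": ns,
                         "creationTimestamp": created}, "spec": spec}

POLICIES = [  # constructed; in practice: kubectl get peerauthentication -A -o json
    pa("default", ROOT_NS, "2024-01-10T09:00:00Z", "STRICT"),
    pa("legacy-ns", "legacy", "2024-02-01T09:00:00Z", "PERMISSIVE"),
    pa("metrics-off", "shop", "2024-03-05T09:00:00Z", "DISABLE", {"app": "metrics"}),
    pa("api-inherit", "shop", "2024-03-06T09:00:00Z", "UNSET", {"app": "api"}),
]
WORKLOADS = [  # constructed
    {"name": "cart", "namespace": "shop", "labels": {"app": "cart"}},
    {"name": "metrics", "namespace": "shop", "labels": {"app": "metrics"}},
    {"name": "api", "namespace": "shop", "labels": {"app": "api"}},
    {"name": "batch", "namespace": "legacy", "labels": {"app": "batch"}},
]

def _labels(p):
    return p["spec"].get("selector", {}).get("matchLabels") or {}

def effective_mode(w, policies):
    """Return (mode, scope, policy name); the most specific scope wins."""
    same_ns = [p for p in policies if p["metadata"]["namespace"] == w["namespace"]]
    tiers = [
        ("workload", [p for p in same_ns if _labels(p) and
                      all(w["labels"].get(k) == v for k, v in _labels(p).items())]),
        ("namespace", [p for p in same_ns if not _labels(p)]),
        ("mesh", [p for p in policies
                  if p["metadata"]["namespace"] == ROOT_NS and not _labels(p)]),
    ]
    for scope, matches in tiers:
        # When several policies share a scope, the oldest one applies.
        matches.sort(key=lambda p: p["metadata"]["creationTimestamp"])
        mode = matches[0]["spec"].get("mtls", {}).get("mode", "UNSET") if matches else "UNSET"
        if mode != "UNSET":  # UNSET inherits from the next wider scope
            return mode, scope, matches[0]["metadata"]["name"]
    return "PERMISSIVE", "default", None  # Istio default when nothing is set

def audit(workloads, policies):
    """List workloads whose effective mode is not STRICT."""
    rows = [(w["namespace"], w["name"], *effective_mode(w, policies)) for w in workloads]
    return [r for r in rows if r[2] != "STRICT"]
```

Each row returned by `audit(WORKLOADS, POLICIES)` names the policy and scope responsible for the non-strict mode, which is the policy to open in the Policy audit page.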

What's next