You are viewing legacy v1.19 Service Mesh documentation.
Cloud Service Mesh security policy constraints
Cloud Service Mesh provides you with powerful and flexible APIs that you can use to configure your mesh. However, without proper management over these resources, your mesh might expose security vulnerabilities. Integrating Policy Controller with Cloud Service Mesh security policy constraints can help enforce security best practices in your mesh and prevent vulnerabilities.
This page assumes you are already familiar with policy constraints.
Constraints templates
When you install Policy Controller, select Install default template library. This option deploys all of the Cloud Service Mesh security policy constraint templates needed for your mesh. For a full list of the Cloud Service Mesh security constraint templates, see the Constraint template library and look for templates that are prefixed with Asm.
Constraints bundle
We offer an out-of-the-box constraints bundle for Cloud Service Mesh security policy. For the bundle details and instructions, see Using Cloud Service Mesh security policies.
To follow a tutorial that shows you how to apply this bundle, see Strengthen your app's security with Cloud Service Mesh, Config Sync, and Policy Controller.
Add-on constraints
Some constraint templates are installed with the default template library, but not included in the security policy bundle. These constraint templates serve specific use cases, and you can configure your own constraints:
Last updated 2026-02-19 UTC.