Stay organized with collections
Save and categorize content based on your preferences.
Monitoring mesh security
The GKE Enterprise Security dashboard
provides an at-a-glance view of your applications' current security features as
well as a more detailed policy audit view to show you where you can add or
enable features to make your application workloads more secure.
This page describes how to use the GKE Enterprise security dashboard to
monitor Cloud Service Mesh features.
Monitoring authorization policies
To view status of authorization policies on the GKE Enterprise security
dashboard, go to the Security page in the Google Cloud console.
In the Access control card, click Service access control to view a
per-cluster rundown.
This window lists every cluster in your project, their location, and whether
or not authorization policies are in effect. If policies are in effect, you
can also view the policy details and the number of blocked service requests.
If none of your clusters have an authorization policy, see
Authorization policy overview
for more information.
If any of your clusters have a policy in effect, click Policy details to
view specific details on the Policy audit page.
This page displays the Workloads running in a single cluster, including the
name, namespace, and service access control status. You can select another
cluster from the cluster drop-down menu or filter Workloads by selecting a
namespace from the namespace drop-down menu.
In the Service access controls column, click Enabled to view the
authorization policy for a specific Workload.
This page displays the authorization policy's name, scope, and creation date.
You can also view the entire authorization policy YAML by clicking the down
arrow icon or anywhere on the row.
Monitoring mTLS policies
To view the status of mTLS policies on the GKE Enterprise security
dashboard, go to the Security page in the Google Cloud console.
In the Authentication card, click mutual TLS (mTLS) to view a
per-cluster rundown.
This window lists every cluster in your project, their location, and whether
or not mTLS is enabled. If mTLS is enabled, you can also view the policy
details.
If none of your clusters have mTLS enabled, see
Configuring mTLS.
If any of your clusters have mTLS enabled, click Policy details to view
specific details on the Policy audit page.
This page displays the Workloads running in a single cluster, including the
name, namespace, and mTLS details. You can select another cluster from the
cluster drop-down menu or filter Workloads by selecting a namespace from the
namespace drop-down menu.
In the mTLS details column, click Strict, Permissive, or
Disabled to view the mTLS details for a specific Workload.
This page displays the name, scope, mode, and creation date. You can also
view the entire mTLS YAML by clicking the down arrow icon or anywhere on the
row.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[],[],null,["# Monitoring mesh security\n========================\n\nThe [GKE Enterprise Security dashboard](/anthos/docs/concepts/security-monitoring)\nprovides an at-a-glance view of your applications' current security features as\nwell as a more detailed policy audit view to show you where you can add or\nenable features to make your application workloads more secure.\n\nThis page describes how to use the GKE Enterprise security dashboard to\nmonitor Cloud Service Mesh features.\n\nMonitoring authorization policies\n---------------------------------\n\n1. To view status of authorization policies on the GKE Enterprise security\n dashboard, go to the Security page in the Google Cloud console.\n\n [Go to GKE Enterprise Security](https://console.cloud.google.com/anthos/security/policy-summary)\n2. In the **Access control** card, click **Service access control** to view a\n per-cluster rundown.\n\n This window lists every cluster in your project, their location, and whether\n or not authorization policies are in effect. If policies are in effect, you\n can also view the policy details and the number of blocked service requests.\n If none of your clusters have an authorization policy, see\n [Authorization policy overview](/service-mesh/docs/security/authorization-policy-overview)\n for more information.\n3. If any of your clusters have a policy in effect, click **Policy details** to\n view specific details on the Policy audit page.\n\n This page displays the Workloads running in a single cluster, including the\n name, namespace, and service access control status. You can select another\n cluster from the cluster drop-down menu or filter Workloads by selecting a\n namespace from the namespace drop-down menu.\n4. In the **Service access controls** column, click **Enabled** to view the\n authorization policy for a specific Workload.\n\n This page displays the authorization policy's name, scope, and creation date.\n You can also view the entire authorization policy YAML by clicking the down\n arrow icon or anywhere on the row.\n\nMonitoring mTLS policies\n------------------------\n\n1. To view the status of mTLS policies on the GKE Enterprise security\n dashboard, go to the Security page in the Google Cloud console.\n\n [Go to GKE Enterprise Security](https://console.cloud.google.com/anthos/security/policy-summary)\n2. In the **Authentication** card, click **mutual TLS (mTLS)** to view a\n per-cluster rundown.\n\n This window lists every cluster in your project, their location, and whether\n or not mTLS is enabled. If mTLS is enabled, you can also view the policy\n details.\n\n If none of your clusters have mTLS enabled, see\n [Configuring mTLS](/service-mesh/docs/security/configuring-mtls).\n3. If any of your clusters have mTLS enabled, click **Policy details** to view\n specific details on the Policy audit page.\n\n This page displays the Workloads running in a single cluster, including the\n name, namespace, and mTLS details. You can select another cluster from the\n cluster drop-down menu or filter Workloads by selecting a namespace from the\n namespace drop-down menu.\n4. In the **mTLS details** column, click **Strict** , **Permissive** , or\n **Disabled** to view the mTLS details for a specific Workload.\n\n This page displays the name, scope, mode, and creation date. You can also\n view the entire mTLS YAML by clicking the down arrow icon or anywhere on the\n row.\n\nWhat's next\n-----------\n\n- [Learn more about security in Cloud Service Mesh](/service-mesh/docs/security/security-overview)"]]
