exceptions 2. Define policy constraints to automatically validate policy exceptions are as expected. Gatekeeper Service 1 Proxy Service 2 Proxy Namespace foo Istio authn & authz policies Workload security best practices Scan vulnerabilities Verify images Gatekeeper Binary authorization Restrict privileges Gatekeeper Istio CNI Cluster security Edge security Workload security Operation practices Service Proxy Ingress Egress 2. Automatically rejects invalid configurations. Gatekeeper GitOps 1. Automatically manage source of truth for mesh policies. Audit log Cluster security