1. Google Cloud Documentation - Anthos Service Mesh Security: "Anthos Service Mesh helps you to secure your services by providing a certificate authority (CA) for generating certificates to allow for mutual TLS (mTLS) authentication. With mTLS, service-to-service communication is encrypted and authenticated..." This directly supports using a service mesh for mTLS.
Source: Google Cloud, "Security benefits", Anthos Service Mesh documentation.
2. Google Cloud Whitepaper - BeyondProd: A new approach to cloud-native security: This paper outlines Google's internal zero-trust model, which heavily relies on service identity, mTLS, and a service mesh for securing microservices. "All RPCs are protected with mutual authentication and encryption... This protection is provided by our Application Layer Transport Security (ALTS)..." Anthos Service Mesh brings this capability to Google Cloud customers.
Source: Google Cloud, "BeyondProd: A new approach to cloud-native security", Section: "Mutual authentication and transport encryption".
3. Google Cloud Documentation - GKE Network Policy: "Network policies are the Kubernetes firewall for pods. Network policies control network traffic at level 3 or 4 of the OSI model..." This confirms that Network Policies do not operate at the application layer and do not provide encryption, which is a key requirement.
Source: Google Cloud, "About GKE network policy", GKE documentation.
4. Google Cloud Solutions - Zero trust security with Anthos: "Anthos Service Mesh helps you to control the traffic flowing in, out, and within your service mesh... By default, Anthos Service Mesh encrypts traffic between services by using mutual Transport Layer Security (mTLS)." This explicitly states that Anthos Service Mesh is the tool for achieving zero trust via mTLS for inter-service traffic.
Source: Google Cloud, "Zero trust security with Anthos", Google Cloud Solutions.