Enforce the Ingress Policy
You can see the following policy is automatically installed when you add the Emissary-Ingress Gateway System through Policy > Ingress.
The client-load application is installed along with the sample-app and repeatedly executes the following HTTP calls in an interval of 15 seconds, pretending to be different users to help generate sample data for visualization.
curl -isk --user alice:password edge-stack/finance/salary/alice
curl -isk --user bob:password edge-stack/finance/salary/alice
curl -isk --user bob:password edge-stack/finance/salary/charlie
curl -isk --user david:password edge-stack/finance/salary/bob
curl -isk --user david:password edge-stack/hr/dashboard
curl -isk --user eve:password edge-stack/admin
By default, ingress policy allows all traffic to the sample application service. Click on the Decisions tab to verify all the
Allowed decisions from the newly created Emissary-Ingress Gateway System.
The Emissary-Ingress Gateway System Quick Start provides a link to replace ingress policy with a sample one. With this ingress policy published, traffic is allowed only on
/finance/salary endpoint of
sample-app. Switch to the Decisions tab and verify traffic to path