Skip to main content

Enforce the Ingress Policy

Policies are automatically installed when you add the Gloo Edge Gateway System.

  • Application policy type is in policy > App.
  • Ingress policy type is in policy > Ingress.

The client-load deployment repeatedly executes the following HTTP calls in an interval of 30 seconds, pretending to be different users to help generate sample data for visualization.

curl -isk --user alice:password $(GLOO_EDGE_SVC)/finance/salary/alice
curl -isk --user bob:password $(GLOO_EDGE_SVC)/finance/salary/alice
curl -isk --user bob:password $(GLOO_EDGE_SVC)//finance/salary/charlie
curl -isk --user david:password $(GLOO_EDGE_SVC)/finance/salary/bob
curl -isk --user david:password $(GLOO_EDGE_SVC)/hr/dashboard
curl -isk --user eve:password $(GLOO_EDGE_SVC)/admin

By default, all policies allow traffic to the service with the Gloo Edge Gateway data plane as sidecar container. Click the Decisions tab for your Gloo Edge Gateway System to view all the Allowed decisions.

The Quick Start provides a link to replace the sample Ingress policy. When the Ingress policy is published, the sample-app can receive ingress traffic only on the whitelisted /finance/salary endpoint. Switch to the Decisions tab and verify traffic to the /hr/dashboard and /admin paths is Denied.