Skip to main content

Enforce the Ingress Policy

You can see the following policies that are automatically installed when you add the Gloo Edge Gateway system.

  • For Application policy type, click policy >> App.
  • For Ingress policy type, click policy >> Ingress.

The client-load deployment repeatedly executes the following HTTP calls in an interval of 30 seconds, pretending to be different users to help generate sample data for visualization.

curl -isk --user alice:password $(GLOO_EDGE_SVC)/finance/salary/alice
curl -isk --user bob:password $(GLOO_EDGE_SVC)/finance/salary/alice
curl -isk --user bob:password $(GLOO_EDGE_SVC)//finance/salary/charlie
curl -isk --user david:password $(GLOO_EDGE_SVC)/finance/salary/bob
curl -isk --user david:password $(GLOO_EDGE_SVC)/hr/dashboard
curl -isk --user eve:password $(GLOO_EDGE_SVC)/admin

By default, all policies allow traffic to the service with the Gloo Edge Gateway data plane as sidecar container. Click the Decisions tab for your Gloo Edge Gateway system to view all the Allowed decisions.

The Quick Start provides a link to replace the sample Ingress policy. With this ingress policy published, the sample-app can receive ingress traffic only on the whitelisted /finance/salary endpoint. Switch to the Decisions tab and verify traffic to the /hr/dashboard and /admin paths is Denied.