Enforce the Ingress Policy

You can see the following policy is automatically installed when you add the Kong Enterprise Gateway system.

• policy >> ingress

The shell script in the client-load app is triggered in step 5 of the Quick Start and repeatedly executes the following HTTP calls in an interval of 15 seconds, pretending to be different users to help generate sample data for visualization.

curl -is --user alice:password ingress-kong/finance/salary/alice
curl -is --user bob:password ingress-kong/finance/salary/alice
curl -is --user bob:password ingress-kong/finance/salary/charlie
curl -is --user david:password ingress-kong/finance/salary/bob
curl -is --user david:password ingress-kong/hr/dashboard
curl -is --user eve:password ingress-kong/admin

By default, the ingress policy allows all traffic to the sample application service. Click on the Decisions tab to verify all the Allowed decisions from the newly created Kong Enterprise Gateway system.

Step 6 in the Quick Start provides a link to replace the ingress policy with a sample one. With this ingress policy published, traffic is allowed only on the /finance/salary endpoint of sample-app. Switch to the Decisions tab and verify traffic to the /hr/dashboard and /admin paths is Denied.