Since a service is not mandatory on Kubernetes, it’s possible to bypass any Kong plugin by accessing a pod directly by its clusterIP.
-> the security is then only perimeter and not within the cluster
How can we prevent such a situation? Using network policies to enforce that the network traffic for a service comes from Kong?
Another solution would be using a sidecar, but it’s more of a service mesh architecture.
It’s an open question.
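
The network-policy idea raised above, as an added example that is not part of the original post: a default-deny for the application namespace plus an allow rule that admits ingress to the backend pods only from the Kong proxy pods. The namespace names (`apps`, `kong`), the pod labels (`app: orders`, `app.kubernetes.io/name: kong`) and port 8080 are assumptions; substitute the values from your own deployment.

```yaml
# Deny all ingress to every pod in the application namespace by default.
# "apps" is an assumed namespace name.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: apps
spec:
  podSelector: {}          # empty selector = all pods in the namespace
  policyTypes:
    - Ingress
---
# Allow ingress to the backend pods only from Kong proxy pods.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-kong-only
  namespace: apps
spec:
  podSelector:
    matchLabels:
      app: orders          # assumed label on the backend pods
  policyTypes:
    - Ingress
  ingress:
    - from:
        # namespaceSelector and podSelector in the SAME list item are ANDed:
        # the source must be a Kong pod AND live in the kong namespace.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kong   # label set automatically on namespaces
          podSelector:
            matchLabels:
              app.kubernetes.io/name: kong        # assumed label on the Kong proxy pods
      ports:
        - protocol: TCP
          port: 8080       # assumed container port of the backend
```

These policies are only enforced when the cluster's CNI plugin implements NetworkPolicy (Calico and Cilium do, for example). They filter on source pod and port at L3/L4, so they establish that traffic arrived from a Kong pod, not which Kong plugins were applied to the request.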