I am using the key-auth plugin by
- creating a “foo” namespace
- creating a KongPlugin custom resource in the “foo” namespace
- annotating a service in the namespace “foo” to use the plugin
- creating KongConsumer custom resources with their associated secrets all in the “foo” namespace
When I create a KongConsumer with its associated secret in another “bar” namespace, this consumer’s API key can be used to authenticate to the service in namespace “foo”.
I would not expect the api keys defined in one namespace to be valid to access a service in another namespace.
Is this a bug or the intended behaviour?