I observed, when you have proper configured Kong ingress with authorization (for example with JWT plugin), when you accidentally remove Kong CRD plugin instance, you have full access to upstream without any authorization.
Is there any way to defend against this behavior? Something like: when you have plugins.konghq.com
definied on your ingress, you get the 502 error code until there is no proper kong CRD plugin instance available for ingress?