How to make request-termination as KongClusterPlugin but allow request for some services or routes?

Hi experts,

my goals are:

1. use request-termination as KongClusterPlugin , so all traffic to the cluster will be terminated
2. but need to allow certain services or routes to be accessible when #1 is enabled

I could not find a good solution for this.

what i can think of are : don’t use KongClusterPlugin, but use KongPlugin for request-termination, and annotation on all services in the cluster ; then for the services need to be allowed, remove the annotation from corresponding services ; but for the routes needed to be allowed, create separate Ingress without annotate the plugin resource names seems does not work.

could you please advice how should i do to meet my above goals at same time?

Thanks
Albert

I don’t think there’s anything that will achieve quite what you’re looking for. The only way to override a global plugin is with a more specific plugin of the same type, and that would also terminate the routes with that plugin.

Generally you just do need to individually configure each Ingress or Service that should apply a plugin with a KongPlugin or KongClusterPlugin. The plugin configuration can be shared (you’ll probably want a KongClusterPlugin, so you can use it across namespaces), but each Ingress or Service will need its own annotation.