Kong for Service to Service requests

Hi, I am using the Kong Kubernetes Ingress Controller. Am I correct in assuming that even though you can apply KongPlugins at the service level, they will only work if the HTTP request comes through the ingress?

I ask because we’re trying to achieve the following in a microservices setup:
ServiceA (in namespace A) makes a call to ServiceB (in namespace B) using internal K8s dns, e.g.:
curl http://serviceB.namespaceB.svc.cluster.local rather than calling https://serviceB.my-public-domain.com. We would like auth plugins like oauth2, key-auth etc. to run on such “server-to-server” communications that don’t go through the ingress. Is that possible?

The real motivation here is to put auth plugins on the SERVICE level (not ingress) so that no matter how the service is being accessed, it’s secured. Is this possible? Or does it always need to go through the ingress?