“The ACL is not working when using basic auth and key-auth with multiple API keys. However, when I remove basic auth from the annotation on the service, the ACL can restrict API keys working again.”
I suspect that the issue is related to the conflict between the basic auth and key-auth plugins, which may be causing a disruption in the authorization process.
Note: I used “KIC dbless on k8s version 2.4”