I want to deploy a MongoDB cluster with, for example, Percona. So, I need to provide a certificate to the MongoDB servers and the MongoDB client applications to use TLS. In this use case, the certificate must be signed for *.mongodb-namespace.svc.cluster.local. If I generate this certificate, it will be self-signed, so all client applications will need to set insecureTLS=true or skipVerifyName=true. This is insecure, so how do we handle certificates in Kubernetes for workloads (generally; here, MongoDB was just an example)?