We are deploying our app to EKS and have a hybrid situation where some services aren't deployed within the EKS cluster yet.

We want the traffic from services deployed on EC2 instances to be encrypted during communication with services deployed in EKS.

Both the apps deployed on EC2 and the pods are Java-based apps deployed on an application server.

What is the best practice in terms of deploying TLS certification on the app server, etc.?

Mickey Hovel

1 Answer

I would recommend using Weave, as you can set up encryption between peers.

You can check this GitHub issue: "Activate weave encryption option for Kubernetes".

This StackOverflow question might also be helpful: "How to configure Kubernetes to encrypt the traffic between nodes, and pods?"

You should also check the Kubernetes docs, "Securing a Cluster". Other than that, you can try using Istio.

You can start by reading this to see if it would be a fit for you.

Crou