Intra-cluster encryption in transit is implemented (if enabled) through a deployed service mesh called Istio. At installation, Domino can deploy Istio for Domino use only, or you can configure Domino to leverage an existing deployed Istio mesh on the Kubernetes cluster (potentially shared with other applications). See Istio in Configuration Reference for details.