Tags: kubernetes, ssl, amazon-eks, servicemesh

How to encrypt traffic between AWS EKS and external services?


How does EKS need to be configured to enable TLS/SSL between pods and external services such as RDS and MSK?

I could only find information on encrypting Kubernetes in-cluster traffic, but not for external traffic.


Solution

  • All traffic exchanged between these Nitro instances is automatically encrypted with TLS, see encryption in transit. All AWS API service endpoints use TLS 1.2 (minimum), see AWS cloud connections with TLS. For RDS, you will need to download the certificate bundle for the RDS database you're using, add it as a Kubernetes Secret, and reference that secret in your Pod. See this post for additional details. I'm less familiar with Kafka and TLS, but it seems doable. According to the documentation, you'll need to add a certificate to your client's trust store, see https://docs.aws.amazon.com/msk/latest/developerguide/msk-authentication.html.
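As an added example (not part of the answer above), this is the Kubernetes side of the RDS step for a PostgreSQL client: the CA bundle goes into a Secret, the Secret is mounted into the Pod, and the client is configured to verify the server certificate against it. The bundle URL, the secret names, the image and the database host are assumptions.

```yaml
# Added example: trust the RDS CA bundle inside a Pod and force verification.
# Assumptions: the RDS global CA bundle as published in the RDS docs, a
# PostgreSQL client, a Secret named "rds-ca", and a placeholder DB host.
#
# 1. Fetch the bundle and store it as a Secret (one-off, from a workstation):
#    curl -sSfo global-bundle.pem https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem
#    kubectl create secret generic rds-ca --from-file=global-bundle.pem
#
# 2. Mount the Secret and make the client check the server against it.
apiVersion: v1
kind: Pod
metadata:
  name: rds-tls-check
spec:
  volumes:
    - name: rds-ca
      secret:
        secretName: rds-ca
  containers:
    - name: psql
      image: postgres:16
      env:
        # verify-full: encrypt, validate the chain, and match the hostname.
        # "require" alone encrypts but accepts any server certificate.
        - name: PGSSLMODE
          value: verify-full
        - name: PGSSLROOTCERT
          value: /etc/ssl/rds/global-bundle.pem
        - name: PGHOST
          value: mydb.REPLACE_ME.us-east-1.rds.amazonaws.com  # placeholder
        - name: PGUSER
          value: app
        - name: PGPASSWORD
          valueFrom:
            secretKeyRef:
              name: rds-credentials   # assumed to exist already
              key: password
      volumeMounts:
        - name: rds-ca
          mountPath: /etc/ssl/rds
          readOnly: true
      # Reports the negotiated TLS version and cipher for this session;
      # the connection fails before this runs if verification does not pass.
      command: ["psql", "-d", "postgres", "-c",
                "SELECT ssl, version, cipher FROM pg_stat_ssl WHERE pid = pg_backend_pid();"]
  restartPolicy: Never
```

Check the Pod's logs with `kubectl logs rds-tls-check`; a row with `ssl = t` confirms the client both encrypted and verified the connection.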