
Support wildcard domain, kubernetes


You can also store the certificate in a Secret and use it from there. Instead of creating the cert at the Pod level, it is better to manage it at the service level.

However, it looks like you are looking for something similar to mTLS:

In mTLS, each microservice in a service mesh verifies the other's certificate and uses the public keys to create encryption keys unique to each conversation. This enables the communications between pairs of microservices to be authenticated and encrypted.

You can read more about it : https://thenewstack.io/mutual-tls-microservices-encryption-for-service-mesh/#:~:text=In%20mTLS%2C%20each%20microservice%20in,to%20be%20authenticated%20and%20encrypted.

Description:

1. Microservice A sends a request for the certificate of microservice B.
2. Microservice B replies with its certificate and requests the certificate of microservice A.
3. Microservice A checks with the certificate authority that the certificate belongs to microservice B.
4. Microservice A sends its certificate to microservice B and also shares a session encryption key (encrypted with the public key of microservice B).
5. Microservice B checks with the certificate authority that the certificate it received belongs to microservice A.
6. With both microservices mutually authenticated and a session key created, communication between them can be encrypted and sent via the secure link.

If you are looking for the above scenario, managing service communication with certs, I would recommend using a service mesh with mTLS.
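The exchange described in the answer above, as an added example written in Go; it is not code from the original post or from any service mesh. It stands in for what a mesh sidecar does on both sides: a private CA issues one certificate each to "service-a" (client) and "service-b" (server), the server is configured with RequireAndVerifyClientCert, and the client verifies the server against the same CA. The names "mesh-ca", "service-a" and "service-b" are assumptions for the example. The CA and keys are generated in memory so the program runs offline; in a cluster the certificate and key would come from the Secret mentioned above or be issued by the mesh's CA. The second call shows the failure mode: a client that presents no certificate is rejected after the TLS 1.3 handshake, which is why the client reads from the connection instead of trusting that Dial succeeded.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert issues a certificate for name. With parent == nil it returns a
// self-signed CA; otherwise a leaf signed by parent, usable for both server
// and client authentication, with name as its DNS SAN.
func newCert(name string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	signer, signerKey := tmpl, key // self-signed unless a parent is given
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{name}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Handshake runs one mTLS exchange over loopback between service-a (client)
// and service-b (server), both issued by the hypothetical "mesh-ca". If
// presentClientCert is false the client sends no certificate and the server
// must reject it. On success it returns the client identity the server verified.
func Handshake(presentClientCert bool) (string, error) {
	ca, caKey, err := newCert("mesh-ca", nil, nil)
	if err != nil {
		return "", err
	}
	pool := x509.NewCertPool()
	pool.AddCert(ca) // the CA both sides check peer certificates against
	serverCert, serverKey, err := newCert("service-b", ca, caKey)
	if err != nil {
		return "", err
	}
	clientCert, clientKey, err := newCert("service-a", ca, caKey)
	if err != nil {
		return "", err
	}
	toTLS := func(c *x509.Certificate, k *ecdsa.PrivateKey) tls.Certificate {
		return tls.Certificate{Certificate: [][]byte{c.Raw}, PrivateKey: k, Leaf: c}
	}

	// Server: present its own cert and demand a CA-signed client cert.
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{toTLS(serverCert, serverKey)},
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    pool,
		MinVersion:   tls.VersionTLS13,
	})
	if err != nil {
		return "", err
	}
	defer ln.Close()
	type result struct {
		peer string
		err  error
	}
	done := make(chan result, 1)
	go func() {
		conn, err := ln.Accept()
		if err != nil {
			done <- result{"", err}
			return
		}
		defer conn.Close()
		tc := conn.(*tls.Conn)
		if err := tc.Handshake(); err != nil { // fails if client cert missing/untrusted
			done <- result{"", err}
			return
		}
		peer := tc.ConnectionState().PeerCertificates[0].Subject.CommonName
		tc.Write([]byte("ok")) // only reached after the client was authenticated
		done <- result{peer, nil}
	}()

	// Client: verify the server against the CA; optionally offer its own cert.
	clientCfg := &tls.Config{RootCAs: pool, ServerName: "service-b", MinVersion: tls.VersionTLS13}
	if presentClientCert {
		clientCfg.Certificates = []tls.Certificate{toTLS(clientCert, clientKey)}
	}
	conn, err := tls.Dial("tcp", ln.Addr().String(), clientCfg)
	if err != nil {
		return "", err
	}
	defer conn.Close()
	// In TLS 1.3 the client finishes before the server checks its certificate,
	// so Dial can succeed and the rejection arrives as an alert on the first read.
	if _, err := conn.Read(make([]byte, 2)); err != nil {
		return "", fmt.Errorf("server rejected client: %w", err)
	}
	r := <-done
	return r.peer, r.err
}

func main() {
	peer, err := Handshake(true)
	fmt.Println("with client cert:   ", peer, err)
	peer, err = Handshake(false)
	fmt.Println("without client cert:", peer, err)
}
```

The same two settings map onto what a mesh sidecar enforces: ClientAuth set to RequireAndVerifyClientCert on the receiving side (no anonymous callers) and a RootCAs pool plus ServerName on the calling side (no talking to an impostor). Step 4 of the description above, where a session key is derived, is done inside the handshake by the TLS library rather than by application code.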