root-ca for kubernetes internal service

Hi, it's great to see, that you can provide secure access via letsencrpt signed certificate. But for the most use cases our applications are deployed in the kubernetes. If they want to access keycloak via https and do the authentication things, they will got a problem with truststore because they don't have the root-ca from letsencrpt, right? How would you handle this?