In a microservices deployment, traffic can't be trusted just because it stays on the "internal" network. Zero trust assumes the network is hostile, so every call is authenticated and authorized, and traffic is encrypted with mTLS.
Mutual TLS (mTLS)
Unlike normal TLS, where only the server presents a certificate, in mTLS both sides present certificates. Each service proves its identity to the other, and traffic is encrypted in transit.
Service A ──cert──▶ Service B
Service A ◀──cert── Service B   (both verify each other's identity)
→ caller is authenticated AND data is encrypted
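The following is an added example, not code from the original page: it contrasts a one-way TLS server context with one that requires client certificates, then performs the authorization step using the identity from the verified peer certificate. The policy table, service names, SPIFFE-style URIs and the sample certificate dict are constructed assumptions.

```python
import ssl

def one_way_server_context():
    """Normal TLS: the server proves itself, the client stays anonymous."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # verify_mode defaults to CERT_NONE

def mtls_server_context(cert_file=None, key_file=None, ca_file=None):
    """mTLS: the handshake fails unless the caller presents a cert signed by our CA."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED             # the "mutual" part
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)   # internal CA issuing service certs
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)    # this service's own identity
    return ctx

def enforces_client_auth(ctx):
    """Audit helper: True only if unauthenticated callers are rejected."""
    return ctx.verify_mode == ssl.CERT_REQUIRED

def peer_identities(peercert):
    """Extract SAN identities from the dict returned by SSLSocket.getpeercert()."""
    sans = peercert.get("subjectAltName", ())
    return {value for kind, value in sans if kind in ("DNS", "URI")}

# Hypothetical policy: which caller identities may invoke which service.
ALLOWED_CALLERS = {"orders": {"spiffe://example.internal/checkout"}}

def authorize(peercert, target_service):
    """Authentication came from the handshake; this is the separate authorization check."""
    if not peercert:   # getpeercert() returns {} when the peer cert was not validated
        return False
    allowed = ALLOWED_CALLERS.get(target_service, set())
    return bool(peer_identities(peercert) & allowed)

# Constructed sample in the shape getpeercert() returns after a verified handshake.
SAMPLE_PEERCERT = {
    "subject": ((("commonName", "checkout"),),),
    "subjectAltName": (("DNS", "checkout.example.internal"),
                       ("URI", "spiffe://example.internal/checkout")),
}

if __name__ == "__main__":
    print("one-way enforces client auth:", enforces_client_auth(one_way_server_context()))
    print("mTLS enforces client auth:   ", enforces_client_auth(mtls_server_context()))
    print("checkout -> orders:  ", authorize(SAMPLE_PEERCERT, "orders"))
    print("checkout -> billing: ", authorize(SAMPLE_PEERCERT, "billing"))
```

In a real service, pass the certificate, key and CA file paths to `mtls_server_context` and call `authorize(conn.getpeercert(), ...)` on each accepted connection.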
