Encryption at rest/in transit

How does Kubernetes secure data at rest and data in transit?

For details on encrypting at rest take a look at Encrypting Secret Data at Rest - Kubernetes. In transit, the control plane components all talk to each other via TLS using certs signed by the Kubernetes CA.

Transit encryption of user workloads is an exercise for the user and can be achieved by configuring the workloads to use a secure protocol if desired.