At the moment, the TLS termination is done somewhere indeterminate. Is it at the CDN, Load Balancer, Node? The un-encrypted data is then forwarded to the service.

It would be nice if we could use our own certificate and terminate it in the service directly for higher privacy.