This talk is about the state of Let's Encrypt on Kubernetes and Kubernetes’ Cluster Root CA as of June 2017. It is presented at the Seattle Kubernetes Meetup.
tl;dr: LE solutions on k8s are not mature yet, you should probably still buy a TLS certificate. For internal TLS, look at using a service mesh like Istio or Linkerd.