In my precious post I explained how to export certificates and keys from Kubernetes and how to set a password on the key file for import in Palo Alto Networks (by hand).
One of the things I really believe in is a layered security approach, if one of the layers fail you will have other layers still providing protection. One of the first layers is often the network.