You do SSL mutual auth between services using self signed certs
If you do, you remove the ability to prove that a service is what it claims to be as this requires accepting its provided cert - that is, authenticate it. You have to trust somewhere, even in a “zero trust” environment. Using self-signed certs for services to communicate means that you have to either have manual involvement every time a service comes up or accept the authenticity of a self-signed cert automatically. Either would be a compromise in security over use of a private CA, not an improvement.
Again, that works if your only concern is data across the pipes being encrypted during transmission but, it removes nearly all of the other additional security provided by PKI and increases your threat surface. It can be acceptable in some cases, like dev envs or as temporary measures but, with the constant increase in malicious traffic and activity, we’ve got to aim for better.