regarding K3s, if i want to add a new agent located in WAN/Cloud, while master and other workers are on LAN, which flag should I be using to ensure new workers use the correct Hostname/IP. I had hoped to be able to specify the location of the K3s Server at the agent config side, but this doesn't seem to be the case? I have a dynamic DNS record configured to point to a resolvable IP/Port combination. I tried setting the "advertise-address" or node external IP values, but I still see see:

Aug 16 18:12:49 Kube-0 k3s[3070]: I0816 18:12:49.519375    3070 server.go:576] external host was not specified, using 192.168.0.83

In journal conf:

kubes@Kube-0:/etc/rancher/k3s$ cat config.yaml
write-kubeconfig-mode: 644
token: "<removed>"
advertise-address: <https://conallogribin.dyns.cx:6443>
node-external-ip: <https://conallogribin.dyns.cx:6443>

As far as I know, CNI plugins expect nodes to be in the same L2 network. Therefore, if you want to connect nodes that are not in the same L2 network, I suggest using a VPN solution that would make the CNI plugin believe that it is working in a L2 network

hmm, I can probably make an IPsec tunnel and test I guess, thanks for the tip.

VPN is a good idea. I'm using tinc VPN. My cluster is all over the internet. But even with a VPN, you need to tell K3s which interface to use. In config.yaml on my server / control plane node, I have something like:

tls-san:
  - "server1.tincvpn"
advertise-address: 10.x.y.z  # The tinc VPN IP
node-ip: 10.x.y.z  # The tinc VPN IP
node-external-ip: 156.x.y.z  # The public IP
flannel-iface: tun1  # The tinc VPN interface

on my worker node, I have something like:

node-ip: 10.x.y.zz  # The tinc VPN IP
flannel-iface: tun1  # The tinc VPN interface
token: asdf::server:foo
server: <https://server1.tincvpn:6443>

I hope this helps.