# k3s
Hi! Me again with embedded registry questions. Still using K3s 1.30.11+k3s1, we are exploring a multi-cloud environment where we would need to use public IPs to communicate. We are using `wireguard-native` and we expected that the tunnel would be used for all cluster communications, but it would seem that the embedded registry (p2p/spegel) is still using private IPs that can't be reached from other cluster members. This is supported by two discoveries:

• the p2p/spegel port is bound on the private IP of the machine (`ss -lnp|grep 5001`)
• the code present on GitHub shows that the registry should listen only on what is called "ExternalAddress" but is bound to `nodeConfig.AgentConfig.NodeIP` in the code (https://github.com/k3s-io/k3s/blob/aa18062f2e0cdfaf148f07f2b98cdf72079c7e6f/pkg/agent/config/config.go#L813)

The question being then: is this scenario supported currently, and if so, what needs to be done; if not, is there a plan to implement it? This raises architecture issues as the WireGuard tunnel should be the preferred way of communicating IMO or the embedded registry should maybe be bound to 0.0.0.0. Thanks!
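The bind-address check from the first bullet above, as an added example that is not part of the original post or of the K3s code base: it parses `ss -lnp` output, classifies the address each listener on a port is bound to, and says whether a connection addressed to a given destination IP would be accepted. The sample output, the function names and the addresses are constructed, and the check assumes the destination address is assigned to a local interface (no NAT in front of the node).

```python
import ipaddress

# Constructed sample of `ss -lnp` output (not captured from a real node).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      4096   10.0.1.5:5001      0.0.0.0:*         users:(("k3s",pid=1234,fd=42))
tcp   LISTEN 0      4096   127.0.0.1:6444     0.0.0.0:*         users:(("k3s",pid=1234,fd=17))
tcp   LISTEN 0      4096   *:10250            *:*               users:(("k3s",pid=1234,fd=30))
"""

def listeners(ss_output, port):
    """Return the local bind address of every socket listening on `port`."""
    found = []
    for line in ss_output.splitlines():
        for field in line.split():
            host, sep, field_port = field.rpartition(":")
            if sep and field_port == str(port):
                # Drop an IPv6 zone id ("%eth0") and the surrounding brackets.
                found.append(host.split("%")[0].strip("[]"))
                break  # first match on the line is the Local Address column
    return found

def scope(addr):
    """Classify a bind address as wildcard, loopback, private or public."""
    if addr == "*":
        return "wildcard"
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:
        return "wildcard"
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "public"

def accepts(bind_addr, dest):
    """True if a socket bound to bind_addr takes connections addressed to dest."""
    dest_ip = ipaddress.ip_address(dest)
    if scope(bind_addr) != "wildcard":
        return ipaddress.ip_address(bind_addr) == dest_ip
    # Assumption: "*" and "::" are dual-stack; "0.0.0.0" is IPv4 only.
    return bind_addr != "0.0.0.0" or dest_ip.version == 4

def report(ss_output, port, dest):
    """(bind address, scope, reachable on dest?) for each listener on port."""
    return [(a, scope(a), accepts(a, dest)) for a in listeners(ss_output, port)]

if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for the public IP.
    for row in report(SAMPLE_SS, 5001, "203.0.113.10"):
        print(row)
```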