# k3s
i
I'm trying to secure my K3s cluster and noticed that pod-to-pod/node-to-node communication is not encrypted by default. So I re-ran the install script with "--flannel-backend=wireguard-native". Is there any way to determine that this actually worked and that pod-to-pod/node-to-node communication is indeed encrypted now?
c
Pod traffic only hits the overlay network when transiting between nodes, not when being handled locally within a single node. You could verify by looking at a packet capture between two nodes.
i
Yeah, I was afraid I'd need to capture the network traffic. I was more hoping for a log file entry that has "network traffic is encrypted". :)