Internal LB for Kubernetes service endpoint?

[stevefan1999-personal]

As all of my servers are behind NAT, there is no public IP available for Kubernetes API to serve for. As such cross NAT network nodes does not have Kubernetes API access making it hard to run services that requires Kubernetes API.

In this situation, what should we do to make both side's control plane to be able to contact each other? Consider that all of them are running over a CGNAT network with 5G cellular network under the same metropolitan area, so it isn't even possible to have explicit port forwarding of port 6443.

[smira]

The question is not quite clear: if your machines can't talk to each other, you can't have a cluster either way.

If you're talking about external access to your machines, you can use Omni which drops the requirement for the machines to have public IP (but they should be able to talk out to Omni endpoint, so only outbound connectivity is required). You can of course build something like that yourself, but that has little to do with Talos itself.