What to specify for the cluster control plane endpoint if both KubeSpan and KubePrism is enabled?

[stevefan1999-personal]

Is it this?

cluster:
  controlPlane:
    endpoint: https://127.0.0.1:7445

Or this?

cluster:
  controlPlane:
    endpoint: https://<Private KubeSpan link local address>:6443

You can assume all the nodes are behind NAT so there is no single public IP for the endpoint. I'm not sure what to do at this point. I was seeing something like dial tcp 10.96.0.1:443: connect: operation not permitted and I have no idea what is going on. I'm also using Cilium without kube-proxy so the kubenertes Endpoint in my cluster shows the internal IP of the control planes. Not sure what to do because although my workers can access the pod network and even services, the Kubernetes API remains inaccessible and this problem is infuriating to solve.

[smira]

Cluster endpoint is what goes into your client kubeconfig when KubePrism is enabled, so it should be neither of the options above.

It should be whatever is the way you would access the cluster, and also the way workers can access the control plane if all other methods fail.