On Talos, it is recommended to pass the KubePrism endpoint to CNI components etc. https://www.talos.dev/v1.7/kubernetes-guides/configuration/kubeprism/

Expected Behavior

Setting the kubernetesServiceEndpoint to the KubePrism endpoint (localhost:7445) should work

Current Behavior

Because some components like the kube controllers do not run in host network mode, these containers fail when trying to access that endpoint. There does not appear to be any way to separate out using different endpoints for the host network vs non-host network cases as is.

Possible Solution

Add a new Talos Provider which can handle the case of using the KubePrism endpoint on Talos, similar to how the Docker EE provider handles using proxy.local here https://github.com/tigera/operator/blob/master/pkg/controller/k8sapi/k8s-endpoint.go#L54.

Another possible solution would be to allow configuring a host mode endpoint and a non-host mode endpoint which might be a bit more generic and wouldn't require special casing for Talos.

Context

Your Environment

• Operating System and version: Talos 1.7.6
• Link to your project (optional):