It would be useful for security to ensure that the nodes only use the wireguard ip's to communicate between themselves. Usecase: ideally I can open an ssh tunnel to one of the nodes to use for accessing the API. Then the kubernetes API is not exposed to any external IP's by default, as well as the services you run, unless you explicitly decided to (through an ingress or load balancer)
It would be useful for security to ensure that the nodes only use the wireguard ip's to communicate between themselves. Usecase: ideally I can open an ssh tunnel to one of the nodes to use for accessing the API. Then the kubernetes API is not exposed to any external IP's by default, as well as the services you run, unless you explicitly decided to (through an ingress or load balancer)