You can see my reply below: https://news.ycombinator.com/item?id=46609044 I believe our setups are pretty equivalent.

I achieve load balancing by running native wireguard on a vps at hetzner, I've got a native wireguard mesh, I believe Talos can do the same, where the peers are manually set up, or via. tailscale etc. I then tell k3s that it should use the wireguard interface for vxlan, and boom my kubernetes mesh is now connected.

flannel-iface: "wg0" # Talos might have something similar.

I do use some node-labels and affinities to make sure the right pods end up in the right spot. For example the metallb annoucer always has to come from the hetzner node. As mentioned in my reply below, it takes about 20ms roundtrip back to my homelab, so my sites can take a bit of time to load, but it works pretty well otherwise, sort of similar to how cloudflare tunnels would work, except not as polished.

My setup is here if it is of help

https://git.kjuulh.io/kjuulh/clank-homelab-flux/src/branch/m...