what you do (from what I gather) is you run netclient join on the node first with --dns off --daemon off and once the wg interfaces are up on the node, you use the deployment to get your pod to take over control of the netclient/wg instance. If you look at the deployment https://raw.githubusercontent.com/gravitl/netmaker/develop/kube/netclient-template.yaml you can see the volume mounts on how it does it. That way the pod controls the netclient on the node and you can just point to the dns running on the netmaker server since the wg interfaces are natively routed. It's like a limited version of docker network mode=host.