If I'm not mistaken, I believe the k8s API is available from within the cluster itself by default. You don't need to deploy a tunneler on the host via daemonset. You just need to deploy any OpenZiti tunneler in the kubernetes cluster. You could do that with a daemonset or just a regular pod.
Regardless of how you deploy OpenZiti though, are you confused as to how you'd create the service itself? As in, what the host config would look like? I am not sure I understand your question fully.
Another way is to deploy a Ziti tunneler in hosting mode as a reverse proxy: Deploy a Hosting Tunneler in Kubernetes | OpenZiti. The ziti-host chart runs ziti-edge-tunnel run-host, which is a run mode that only hosts Ziti services.
Yeah basically that's my question, how can we configure an Openziti service to access the K8S API, how should the host.v1 be configured?
Also for apps hosted on K8S, if it's a pod running a private router or a tunneler with, should Openziti host.v1 config point directly to the K8S services ?