- not feasible to set the 'advertise address' to the public IP, since none of the other control plane components can reach it (i.e., the public IP is NAT'd and not available on the actual node)
- need to create a certificate that includes the public IP, so the cluster can be accessed through it
Sample kubeadm config:
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
apiServer:
  certSANs:
  - <the public ip>
Then on your local machine:
scp user@publicip:/home/user/.kube/config ~/.kube/config
Then edit the config so the server address uses the public IP, e.g. with the substitution: s#https://.*:6443#https://publicIP:6443#
Then you can kubectl all the things.
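The last two steps as a script, plus a check that the API server certificate really lists the public IP as a SAN. This is an added example, not part of the original notes; the function names, the address 203.0.113.10 and the sample kubeconfig are constructed for illustration, and IPv6 server addresses are not handled.

```shell
#!/bin/sh
# Added example: function names and sample values are assumptions.

# Point the cluster "server:" entry of a kubeconfig at the given IP (port 6443).
# Only lines whose key is "server" are rewritten, so other fields that
# happen to contain a URL are left untouched.
set_kubeconfig_server() {
    cfg=$1
    ip=$2
    tmp=$(mktemp) || return 1
    sed -E "s#^([[:space:]]*server:[[:space:]]*)https://[^:/]+:6443[[:space:]]*\$#\1https://${ip}:6443#" \
        "$cfg" > "$tmp" || return 1
    chmod 600 "$tmp"    # the kubeconfig carries client credentials
    mv "$tmp" "$cfg"
}

# Succeed only if the PEM certificate lists the IP as a subject alternative name.
# On a kubeadm node the serving certificate is /etc/kubernetes/pki/apiserver.crt.
cert_has_ip_san() {
    openssl x509 -in "$1" -noout -checkip "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Demo on a constructed kubeconfig (not a real cluster).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/config" <<'EOF'
apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority-data: PLACEHOLDER
    server: https://10.0.0.5:6443
  name: kubernetes
EOF
    set_kubeconfig_server "$dir/config" 203.0.113.10 || return 1
    grep 'server:' "$dir/config"
    rm -rf "$dir"
}

demo
```

If `cert_has_ip_san` fails for the public IP, kubectl will reject the connection with an x509 error until the certificate is reissued with that IP in certSANs.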