diff --git a/ansible/roles/k3s-server/tasks/main.yml b/ansible/roles/k3s-server/tasks/main.yml
index bae699c..a224e66 100644
--- a/ansible/roles/k3s-server/tasks/main.yml
+++ b/ansible/roles/k3s-server/tasks/main.yml
@@ -63,6 +63,7 @@
     --node-ip={{ k3s_node_ip }}
     --tls-san={{ k3s_primary_ip }}
     --tls-san={{ k3s_primary_public_ip }}
+    --tls-san={{ kube_api_endpoint }}
     {% if k3s_disable_embedded_ccm | bool %}--disable-cloud-controller{% endif %}
     {% if k3s_disable_servicelb | bool %}--disable=servicelb{% endif %}
     {% if k3s_kubelet_cloud_provider_external | bool %}--kubelet-arg=cloud-provider=external{% endif %}
diff --git a/ansible/site.yml b/ansible/site.yml
index b9b1bad..8ab61b0 100644
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -24,6 +24,7 @@
     k3s_primary_public_ip: "{{ ansible_host }}"
     k3s_primary_ip: "{{ k3s_private_ip }}"
     k3s_node_ip: "{{ k3s_private_ip }}"
+    kube_api_endpoint: "{{ kube_api_endpoint }}"
 
   roles:
     - k3s-server
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
index d3f026b..a8f987f 100644
--- a/terraform/outputs.tf
+++ b/terraform/outputs.tf
@@ -65,6 +65,6 @@ output "kubeconfig_command" {
 }
 
 output "kube_api_lb_ip" {
-  description = "Load Balancer IP for Kubernetes API"
-  value       = hcloud_load_balancer.kube_api.ipv4
+  description = "Load Balancer private IP for Kubernetes API (used for cluster joins)"
+  value       = hcloud_load_balancer_network.kube_api.ip
 }