Comment 13 for bug 1959720

Ok, I got my credential permissions sorted and was able to reproduce the issue easily enough.

I can confirm that it is fixed in Charmed Kubernetes 1.22. After you upgrade to 1.22, make sure you remove the deprecated relation between kubernetes-worker:kube-api-endpoint and kubernetes-master:kube-api-endpoint. That will allow kubernetes-worker to get the API endpoint from the kube-control relation instead, which uses the loadbalanced API endpoint.