diff --git a/roles/kubernetes/master/defaults/main.yml b/roles/kubernetes/master/defaults/main.yml
index 64a71fc22c912c72d293c712bf2c082d51674ff1..59e5288227518035a6d58166ffe0498e043ec763 100644
--- a/roles/kubernetes/master/defaults/main.yml
+++ b/roles/kubernetes/master/defaults/main.yml
@@ -78,6 +78,9 @@ kube_oidc_auth: false
 ## Variables for custom flags
 apiserver_custom_flags: []
 
+# List of the preferred NodeAddressTypes to use for kubelet connections.
+kubelet_preferred_address_types: 'InternalDNS,InternalIP,Hostname,ExternalDNS,ExternalIP'
+
 controller_mgr_custom_flags: []
 
 scheduler_custom_flags: []
diff --git a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
index bee13b4ec085b02b83423810c9e821ddc5b890bb..0dbe93caba3d0f83b83cf95bb0bc4f9f75239844 100644
--- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
@@ -51,6 +51,7 @@ spec:
     - --kubelet-client-certificate={{ kube_cert_dir }}/node-{{ inventory_hostname }}.pem
     - --kubelet-client-key={{ kube_cert_dir }}/node-{{ inventory_hostname }}-key.pem
     - --service-account-lookup=true
+    - --kubelet-preferred-address-types={{ kubelet_preferred_address_types }}
 {% if kube_basic_auth|default(true) %}
     - --basic-auth-file={{ kube_users_dir }}/known_users.csv
 {% endif %}