diff --git a/docs/ha-mode.md b/docs/ha-mode.md
index b7ec9ab7498538d48a37da9da0dd05fc2bc116fe..22868b9abc4c4e25dd34efcdf64cab43fb3b79d1 100644
--- a/docs/ha-mode.md
+++ b/docs/ha-mode.md
@@ -27,19 +27,21 @@ non-master Kubernetes node. This is referred to as localhost loadbalancing. It
 is less efficient than a dedicated load balancer because it creates extra
 health checks on the Kubernetes apiserver, but is more practical for scenarios
 where an external LB or virtual IP management is inconvenient.  This option is
-configured by the variable `loadbalancer_apiserver_localhost` (defaults to `True`).
+configured by the variable `loadbalancer_apiserver_localhost` (defaults to
+`True`. Or `False`, if there is an external `loadbalancer_apiserver` defined).
 You may also define the port the local internal loadbalancer uses by changing,
-`nginx_kube_apiserver_port`.  This defaults to the value of `kube_apiserver_port`.
-It is also important to note that Kubespray will only configure kubelet and kube-proxy
-on non-master nodes to use the local internal loadbalancer.
-
-If you choose to NOT use the local internal loadbalancer, you will need to configure
-your own loadbalancer to achieve HA. Note that deploying a loadbalancer is up to
-a user and is not covered by ansible roles in Kubespray. By default, it only configures
-a non-HA endpoint, which points to the `access_ip` or IP address of the first server
-node in the `kube-master` group. It can also configure clients to use endpoints
-for a given loadbalancer type. The following diagram shows how traffic to the
-apiserver is directed.
+`nginx_kube_apiserver_port`.  This defaults to the value of
+`kube_apiserver_port`. It is also important to note that Kubespray will only
+configure kubelet and kube-proxy on non-master nodes to use the local internal
+loadbalancer.
+
+If you choose to NOT use the local internal loadbalancer, you will need to
+configure your own loadbalancer to achieve HA. Note that deploying a
+loadbalancer is up to a user and is not covered by ansible roles in Kubespray.
+By default, it only configures a non-HA endpoint, which points to the
+`access_ip` or IP address of the first server node in the `kube-master` group.
+It can also configure clients to use endpoints for a given loadbalancer type.
+The following diagram shows how traffic to the apiserver is directed.
 
 ![Image](figures/loadbalancer_localhost.png?raw=true)
 
@@ -68,7 +70,7 @@ listen kubernetes-apiserver-https
 
 And the corresponding example global vars config:
 ```
-apiserver_loadbalancer_domain_name: "lb-apiserver.kubernetes.local"
+apiserver_loadbalancer_domain_name: "my-apiserver-lb.example.com"
 loadbalancer_apiserver:
   address: <VIP>
   port: 8383
diff --git a/roles/etcd/templates/openssl.conf.j2 b/roles/etcd/templates/openssl.conf.j2
index 0eef7eaf2d63669d8f6af2a6c5aba5db50db36db..c4a0d81c9292c3b8384ccbea611c3810c9446f04 100644
--- a/roles/etcd/templates/openssl.conf.j2
+++ b/roles/etcd/templates/openssl.conf.j2
@@ -27,7 +27,7 @@ DNS.1 = localhost
 {% for host in groups['etcd'] %}
 DNS.{{ 1 + loop.index }} = {{ host }}
 {% endfor %}
-{% if loadbalancer_apiserver is defined  and apiserver_loadbalancer_domain_name is defined %}
+{% if loadbalancer_apiserver is defined %}
 {% set idx =  groups['etcd'] | length | int + 2 %}
 DNS.{{ idx | string }} = {{ apiserver_loadbalancer_domain_name }}
 {% endif %}
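Review bot: With the `is defined` guard gone and a role default now supplied, the `DNS.{{ idx | string }}` entry puts the apiserver load balancer name into the etcd certificate whenever `loadbalancer_apiserver` is set, and nothing visible in this hunk shows etcd being reached through that name. If etcd is only addressed by the hostnames listed in the loop above, the narrower certificate is the safer one: drop the `{% if loadbalancer_apiserver is defined %}` … `{% endif %}` block from this template and keep the name only in the apiserver certificates (roles/kubernetes/secrets and kubeadm-setup). If the SAN is needed here, a Jinja comment above the block naming the client that connects to etcd by that name would make the reason visible. The template continues outside the hunk.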
diff --git a/roles/kubernetes/client/tasks/main.yml b/roles/kubernetes/client/tasks/main.yml
index d0edfaff0045bf783ee32b2dea0df20384347b95..e20a71eb833389937dd0e744b5455a11b4e8d497 100644
--- a/roles/kubernetes/client/tasks/main.yml
+++ b/roles/kubernetes/client/tasks/main.yml
@@ -7,7 +7,7 @@
   set_fact:
     external_apiserver_endpoint: >-
       {%- if loadbalancer_apiserver is defined and loadbalancer_apiserver.port is defined -%}
-      https://{{ apiserver_loadbalancer_domain_name|default('lb-apiserver.kubernetes.local') }}:{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }}
+      https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }}
       {%- else -%}
       https://{{ first_kube_master }}:{{ kube_apiserver_port }}
       {%- endif -%}
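Review bot: The branch holding the new `https://{{ apiserver_loadbalancer_domain_name }}:…` line is entered only when `loadbalancer_apiserver.port is defined`, so the `|default(kube_apiserver_port)` kept on that line can never apply. As written, an inventory that sets only `loadbalancer_apiserver.address` gets the load balancer name in its certificates and /etc/hosts (other hunks of this commit) while the client endpoint still points at `first_kube_master`. Either drop the dead default and write `{{ loadbalancer_apiserver.port }}`, or relax the guard to `{%- if loadbalancer_apiserver is defined -%}` so the default becomes reachable; which of the two is intended is not visible here. The task starts above the hunk.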
diff --git a/roles/kubernetes/master/tasks/kubeadm-setup.yml b/roles/kubernetes/master/tasks/kubeadm-setup.yml
index 2720b2c7a9af12464120da96bf93ce2ad8ce9133..c901bc4fa02b9614f77c6b94e854eb6cadbc7460 100644
--- a/roles/kubernetes/master/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-setup.yml
@@ -47,7 +47,7 @@
       localhost
       127.0.0.1
       {{ ' '.join(groups['kube-master']) }}
-      {%- if loadbalancer_apiserver is defined and apiserver_loadbalancer_domain_name is defined %}
+      {%- if loadbalancer_apiserver is defined %}
       {{ apiserver_loadbalancer_domain_name }}
       {%- endif %}
       {%- for host in groups['kube-master'] -%}
diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml
index 72ae274caeacf44204a0072d2494500a559cf6e7..100c38c468c7d7e7df451b5e82ef87a5a9fa24d6 100644
--- a/roles/kubernetes/node/tasks/main.yml
+++ b/roles/kubernetes/node/tasks/main.yml
@@ -18,7 +18,7 @@
     - kubelet
 
 - include: nginx-proxy.yml
-  when: is_kube_master == false and loadbalancer_apiserver_localhost|default(true)
+  when: is_kube_master == false and loadbalancer_apiserver_localhost
   tags:
     - nginx
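Review bot: `loadbalancer_apiserver_localhost` is used as a bare truth value in this `when:` and in the `kube_apiserver_endpoint` template in roles/kubespray-defaults/defaults/main.yaml, and an override that arrives as a string (for example `false` from an INI inventory or `-e`) is a non-empty string and may evaluate as true. With `|default(true)` removed the value always comes from the role default or an override, so this is the place to coerce it: `when: is_kube_master == false and loadbalancer_apiserver_localhost | bool`, and likewise `{% if not is_kube_master and loadbalancer_apiserver_localhost | bool -%}` in the defaults file. Without the coercion, an operator who turns the local proxy off can still end up with nginx-proxy deployed and node components pointed at localhost instead of the external load balancer.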
 
diff --git a/roles/kubernetes/preinstall/tasks/etchosts.yml b/roles/kubernetes/preinstall/tasks/etchosts.yml
index 69496b7c2bf4bce14c8c6888662e2d529620bc53..80456f3547e0cd1a5f149c7a160b7d56450fdcbb 100644
--- a/roles/kubernetes/preinstall/tasks/etchosts.yml
+++ b/roles/kubernetes/preinstall/tasks/etchosts.yml
@@ -15,13 +15,12 @@
   lineinfile:
     dest: /etc/hosts
     regexp: ".*{{ apiserver_loadbalancer_domain_name }}$"
-    line: "{{ loadbalancer_apiserver.address }} {{ apiserver_loadbalancer_domain_name| default('lb-apiserver.kubernetes.local') }}"
+    line: "{{ loadbalancer_apiserver.address }} {{ apiserver_loadbalancer_domain_name }}"
     state: present
     backup: yes
   when:
     - loadbalancer_apiserver is defined
     - loadbalancer_apiserver.address is defined
-    - apiserver_loadbalancer_domain_name is defined
 
 - name: Hosts | localhost ipv4 in hosts file
   lineinfile:
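Review bot: The `regexp` just above the changed `line:` interpolates `apiserver_loadbalancer_domain_name` unescaped and with no boundary in front of it, so its dots match any character and a longer hostname that merely ends with the same text also matches; lineinfile then rewrites that line instead of adding a new one. Now that the docs suggest a real domain such as `my-apiserver-lb.example.com`, I would tighten it to `regexp: ".*\\s{{ apiserver_loadbalancer_domain_name | regex_escape }}$"`. This entry pins the address that clients resolve for the API server, so replacing an unrelated hosts line by accident is worth ruling out. The task begins above the hunk.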
diff --git a/roles/kubernetes/secrets/tasks/gen_certs_vault.yml b/roles/kubernetes/secrets/tasks/gen_certs_vault.yml
index 4c5dc2eaa0cd9a4452e3969496f9e020335c663b..f1719c55cf05e4f352cbb374c6b6a9e53849a4d6 100644
--- a/roles/kubernetes/secrets/tasks/gen_certs_vault.yml
+++ b/roles/kubernetes/secrets/tasks/gen_certs_vault.yml
@@ -33,7 +33,7 @@
 - name: gen_certs_vault | Add external load balancer domain name to certificate alt names
   set_fact:
     kube_cert_alt_names: "{{ kube_cert_alt_names + [apiserver_loadbalancer_domain_name] }}"
-  when: loadbalancer_apiserver is defined and apiserver_loadbalancer_domain_name is defined
+  when: loadbalancer_apiserver is defined
   run_once: true
 
 # Issue master components certs to kube-master hosts
diff --git a/roles/kubernetes/secrets/templates/openssl.conf.j2 b/roles/kubernetes/secrets/templates/openssl.conf.j2
index d998d4cb3fdb71de7e6a1ebf5f57b562782896db..d81605d4fb7d7b39fcf86a343b4a65a7023fe860 100644
--- a/roles/kubernetes/secrets/templates/openssl.conf.j2
+++ b/roles/kubernetes/secrets/templates/openssl.conf.j2
@@ -15,7 +15,7 @@ DNS.5 = localhost
 {% for host in groups['kube-master'] %}
 DNS.{{ 5 + loop.index }} = {{ host }}
 {% endfor %}
-{% if loadbalancer_apiserver is defined  and apiserver_loadbalancer_domain_name is defined %}
+{% if loadbalancer_apiserver is defined  %}
 {% set idx =  groups['kube-master'] | length | int + 5 + 1 %}
 DNS.{{ idx | string }} = {{ apiserver_loadbalancer_domain_name }}
 {% endif %}
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index 49af70e2c6de3bfee0be5291406b437cde4b9b5d..df5036168ad4cbadcd11147bdbb99e940d218c69 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -204,8 +204,10 @@ kube_apiserver_address: "{{ ip | default(ansible_default_ipv4['address']) }}"
 kube_apiserver_access_address: "{{ access_ip | default(kube_apiserver_address) }}"
 first_kube_master: "{{ hostvars[groups['kube-master'][0]]['access_ip'] | default(hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address'])) }}"
 loadbalancer_apiserver_localhost: "{{ loadbalancer_apiserver is not defined }}"
+# applied if only external loadbalancer_apiserver is defined, otherwise ignored
+apiserver_loadbalancer_domain_name: "lb-apiserver.kubernetes.local"
 kube_apiserver_endpoint: |-
-  {% if not is_kube_master and loadbalancer_apiserver_localhost|default(true) -%}
+  {% if not is_kube_master and loadbalancer_apiserver_localhost -%}
        https://localhost:{{ nginx_kube_apiserver_port|default(kube_apiserver_port) }}
   {%- elif is_kube_master -%}
        https://127.0.0.1:{{ kube_apiserver_port }}
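Review bot: The comment added above `apiserver_loadbalancer_domain_name` is hard to parse ("applied if only external …") and does not say what the value is used for. Judging by the other hunks of this commit, the name ends up in the apiserver and etcd certificate SANs, in /etc/hosts and in the client endpoint, so I would write: `# Used only when an external loadbalancer_apiserver is defined; the name is written to certificate SANs and /etc/hosts, so override it before the first deployment.` Changing the name on an existing cluster presumably means reissuing those certificates, which would be worth stating in docs/ha-mode.md as well.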