Where is the kube-apiserver configured? Is it set up in HA? Are you planning in the future to allow us to see the kube-apiserver logs? Are you planning to allow us to configure the kube-apiserver? For example, to configure an OIDC provider so we can use bearer tokens instead of client certificates. Are you planning to restrict the servers that can reach the kube-apiserver? It seems it’s open to the internet (granted you have credentials).
Thanks /G.