Ability to set extra SANs to the API server certificate

[maksym-iv]

What would you like to be added:
Ability to set extra SANs for the API server certificate

Why is this needed:
In some cases, if apiServerAddress is modified (which is highly not recommended for sure, and should be done if implications are clear) it may be needed to se custom SANs. Example use-case:

• Temporary AWS instance with the ephemeral pub IP
• Kind cluster set up in that AWS instance
• apiServerAddress is set to the internal EC2 IP
• External CI system communicates with the temporary Kind cluster
• Error Unable to connect to the server: tls: failed to verify certificate: x509: certificate is valid for 10.96.0.1, 172.18.0.2, 0.0.0.0, not 18.118.189.168

Setting apiServerAddress to the external IP will fail because it is not the EC2 IP and failed to listen on the ${EXTERNAL_IP} will be risen, so adding extra SANs capabilities would help in such cases.

[maksym-iv]

UPD, no need for any additional feature feature, possible to achieve with the Kubeadm Config Patches

kind: Cluster
name: local
apiVersion: kind.x-k8s.io/v1alpha4
networking:
  apiServerAddress: "0.0.0.0"
  apiServerPort: 6443
nodes:
  - role: control-plane
kubeadmConfigPatchesJSON6902:
- group: kubeadm.k8s.io
  version: v1beta3
  kind: ClusterConfiguration
  patch: |
    - op: add
      path: /apiServer/certSANs/-
      value: YOUR_SAN_GOES_HERE
    - op: add
      path: /apiServer/certSANs/-
      value: YOUR_ANOTHER_SAN_GOES_HERE

Additional thanks to @aojea for the suggestion

[BenTheElder]

thanks @aojea @maksym-iv