This was a regression against upstream in former version due to different wiring. It also is considered to be a dangerous behaviour as people start implying trust when seeing the API server client cert, reminding of CVE-2018-1002105 https://github.com/kubernetes/kubernetes/issues/71411.