diff --git a/roles/rke2/tasks/kubeconfig.yml b/roles/rke2/tasks/kubeconfig.yml
index 3955f552a49b122a583a695f9c1bbd6659ed940f..bc77402c2e0d45a49843d184aebe97a882f964d8 100644
--- a/roles/rke2/tasks/kubeconfig.yml
+++ b/roles/rke2/tasks/kubeconfig.yml
@@ -19,10 +19,16 @@
     dest: kubeconfig.yaml
     flat: yes
 
+- name: fetch kubeconfig from master
+  ansible.builtin.fetch:
+    src: /etc/rancher/rke2/rke2.yaml
+    dest: kubeconfigext.yaml
+    flat: yes
+
 - name: replace endpoint in kubeconfig
   delegate_to: localhost
   become: false
   ansible.builtin.replace:
-    path: kubeconfig.yaml
+    path: kubeconfigext.yaml
     regexp: '^(\s+server: ).*'
     replace: '\1https://rancher.{{ domain }}:6443'