Load balancing CIS K8s API (6443) readyz 401

Hi y’all. I’m using AWS and RKE2 (hope this is the right topic, it was the closest as I could tell) and I’m stuck on setting up a NLB for the Kubernetes API.

Specifically, I can’t make the target groups happy because the /readyz endpoint requires authentication. Is there something I’m missing here or some alternative implementation? I’d like to to keep the CIS tests passing.