Use keepalived with authorized endpoint

Authorized Endpoint seems to require its load balancer to terminate the SSL and listen on https port 443. Is there a document on configuring the load balancer?

In any case, I would like to use a keepalived load balancer, which in essence provides a different IP to access the apiserver - the port is the same, 6443, and the certificate is from the apiserver directly. Giving the FQDN without the CA certificate would signal that such a load balancer is used. The web interface may need to add a port for such a load balancer. The apiserver certificate may need to add the FQDN to its SAN. In addition, we may want the kubeconfig file to keep the context for accessing the apiserver directly even when the FQDN is specified.