Currently there is no way to customize this other than a complicated process after the fact. It would be good to be able to specify this during initial cluster standup.
Similar to how you can specify it during deployment when using RKE (partial cluster.yml snippet):
services:
kube-api:
service_cluster_ip_range: ...
kube-controller:
service_cluster_ip_range: ...
cluster_cidr: ...
kubelet:
cluster_domain: k8s-int.example.com
This allows for example to deploy a "*.namespace.k8s-int.example.com" fully trusted wildcard cert into the cluster that pods can use, and then they can use dns based service references to refer to internal services using the internal cluster DNS -- while still having a fully validatable cert. (Without relying on "add to the CA list" type of actions.
It's also tough to provide references or locate trustworthy sources on the subject.
Your writing abilities aren't good enough to get you a good grade. It may make the pupil feel uncomfortable and insecure.
Apparently the process isn't all that complicated in the UI - but request to expose this during initial setup still applicable.