diff --git a/metropolis/node/kubernetes/kubelet.go b/metropolis/node/kubernetes/kubelet.go
index d966e5d..31357ab 100644
--- a/metropolis/node/kubernetes/kubelet.go
+++ b/metropolis/node/kubernetes/kubelet.go
@@ -38,6 +38,7 @@
 type kubeletService struct {
 	NodeName           string
 	ClusterDNS         []net.IP
+	ClusterDomain      string
 	KubeletDirectory   *localstorage.DataKubernetesKubeletDirectory
 	EphemeralDirectory *localstorage.EphemeralDirectory
 	Output             io.Writer
@@ -92,7 +93,7 @@
 			},
 		},
 		// TODO(q3k): move reconciler.False to a generic package, fix the following references.
-		ClusterDomain:                "cluster.local", // cluster.local is hardcoded in the certificate too currently
+		ClusterDomain:                s.ClusterDomain,
 		EnableControllerAttachDetach: reconciler.False(),
 		HairpinMode:                  "none",
 		MakeIPTablesUtilChains:       reconciler.False(), // We don't have iptables
diff --git a/metropolis/node/kubernetes/pki/kubernetes.go b/metropolis/node/kubernetes/pki/kubernetes.go
index 1a14f99..ef046a2 100644
--- a/metropolis/node/kubernetes/pki/kubernetes.go
+++ b/metropolis/node/kubernetes/pki/kubernetes.go
@@ -100,7 +100,7 @@
 	Certificates map[KubeCertificateName]*opki.Certificate
 }
 
-func New(l logtree.LeveledLogger, kv clientv3.KV) *PKI {
+func New(l logtree.LeveledLogger, kv clientv3.KV, clusterDomain string) *PKI {
 	pki := PKI{
 		namespace:    opki.Namespaced(etcdPrefix),
 		logger:       l,
@@ -130,8 +130,7 @@
 			"kubernetes",
 			"kubernetes.default",
 			"kubernetes.default.svc",
-			"kubernetes.default.svc.cluster",
-			"kubernetes.default.svc.cluster.local",
+			"kubernetes.default.svc." + clusterDomain,
 			"localhost",
 		},
 		// TODO(q3k): add service network internal apiserver address
diff --git a/metropolis/node/kubernetes/service.go b/metropolis/node/kubernetes/service.go
index 03be33c..ff0f55c 100644
--- a/metropolis/node/kubernetes/service.go
+++ b/metropolis/node/kubernetes/service.go
@@ -45,6 +45,7 @@
 type Config struct {
 	ServiceIPRange net.IPNet
 	ClusterNet     net.IPNet
+	ClusterDomain  string
 
 	KPKI    *pki.PKI
 	Root    *localstorage.Root
@@ -121,6 +122,7 @@
 		kubelet := kubeletService{
 			NodeName:           s.c.Node.ID(),
 			ClusterDNS:         []net.IP{address},
+			ClusterDomain:      s.c.ClusterDomain,
 			KubeletDirectory:   &s.c.Root.Data.Kubernetes.Kubelet,
 			EphemeralDirectory: &s.c.Root.Ephemeral,
 			KPKI:               s.c.KPKI,
@@ -200,7 +202,7 @@
 	}
 
 	supervisor.Logger(ctx).Info("Registering K8s CoreDNS")
-	clusterDNSDirective := dns.NewKubernetesDirective("cluster.local", masterKubeconfig)
+	clusterDNSDirective := dns.NewKubernetesDirective(s.c.ClusterDomain, masterKubeconfig)
 	s.c.Network.ConfigureDNS(clusterDNSDirective)
 
 	supervisor.Signal(ctx, supervisor.SignalHealthy)