diff --git a/hack/lib/kind-config/single-node.yaml b/hack/lib/kind-config/single-node.yaml
index 5247f5b5..0031fbd7 100644
--- a/hack/lib/kind-config/single-node.yaml
+++ b/hack/lib/kind-config/single-node.yaml
@@ -24,3 +24,18 @@ nodes:
       containerPort: 31235
       hostPort: 12346
       listenAddress: 127.0.0.1
+kubeadmConfigPatches:
+- |
+  apiVersion: kubeadm.k8s.io/v1beta2
+  kind: ClusterConfiguration
+  apiServer:
+    extraArgs:
+      # To make sure the endpoints on our service are correct (this mostly matters for kubectl based
+      # installs where kapp is not doing magic changes to the deployment and service selectors).
+      # Setting this field to true makes it so that the API service will do the service cluster IP
+      # to endpoint IP translations internally instead of relying on the network stack (i.e. kube-proxy).
+      # The logic inside the API server is very straightforward - randomly pick an IP from the list
+      # of available endpoints.  This means that over time, all endpoints associated with the service
+      # are exercised.  For whatever reason, leaving this as false (i.e. use kube-proxy) appears to
+      # hide some network misconfigurations when used internally by the API server aggregation layer.
+      enable-aggregator-routing: "true"