diff --git a/staging/src/k8s.io/apiserver/pkg/server/config_selfclient.go b/staging/src/k8s.io/apiserver/pkg/server/config_selfclient.go
index f2c2de9b324..9a224d3f75a 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/config_selfclient.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/config_selfclient.go
@@ -42,8 +42,6 @@ func (s *SecureServingInfo) NewClientConfig(caCert []byte) (*restclient.Config,
 		// Do not limit loopback client QPS.
 		QPS:  -1,
 		Host: "https://" + net.JoinHostPort(host, port),
-		// override the ServerName to select our loopback certificate via SNI. This name is also
-		// used by the client to compare the returns server certificate against.
 		TLSClientConfig: restclient.TLSClientConfig{
 			CAData: caCert,
 		},
@@ -57,6 +55,8 @@ func (s *SecureServingInfo) NewLoopbackClientConfig(token string, loopbackCert [
 	}
 
 	c.BearerToken = token
+	// override the ServerName to select our loopback certificate via SNI. This name is also
+	// used by the client to compare the returns server certificate against.
 	c.TLSClientConfig.ServerName = LoopbackClientServerNameOverride
 
 	return c, nil