kubernetes - How to set service-node-port-range and then be able to deploy services using the new port range?

Question

I have a requirement that a test server should use the port range 20000 - 22767

I edited the kubeadm-config with the command

kubectl edit cm kubeadm-config -n kube-system

When I look at the result I see that the change seems to have been stored:

The command $ kubeadm config view gives me

apiServer:
  extraArgs:
    authorization-mode: Node,RBAC
    service-node-port-range: 20000-22767
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta1
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: ""
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: v1.13.3
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
scheduler: {}

But when I later try to install something within hte new port range I get the error

helm upgrade --install --kubeconfig /external-storage/workspace/potapi-orchestration/clusters/at/admin.conf potapi-services charts/potapi-services -f charts/potapi-services/values.at.yaml
Error: UPGRADE FAILED: Service "potapi-services" is invalid: spec.ports[0].nodePort: Invalid value: 21011: provided port is not in the valid range. The range of valid ports is 30000-32767

I have fiddled with the suggestions here but with no luck: https://github.com/kubernetes/kubeadm/issues/122

Answer 1

It is possible to update the service-node-port-rangefrom it's default values.

I updated the file /etc/kubernetes/manifests/kube-apiserver.yaml with --service-node-port-range=20000-22767.

The apiserver was restarted and the port range was updated.

I wrote a blog post about it.