NodePort conflicts wiht kube-apiserver's hostPort
kube-apiserver pod is a static pod brought up by kubelet using /etc/kubernetes/manifests/kube-apiserver.yaml file on master nodes
so you can edit /etc/kubernetes/manifests/kube-apiserver.yaml ,where 8443 port is referenced and change it to a unused port. so that kube-apiserver will be available on that port. ideally kubelet tries to restart a static pod when its manifest file is changed .
you need to edit ~/.kube/config , where 'server' address needs to be changed to new port.
delete the problematic nodeport service .
revert your changes in /etc/kubernetes/manifests/kube-apiserver.yaml & .kube/config file to go back to original port (8443)
It should not be possible when port range is set with default service-node-port-range
api-server flag.
--service-node-port-range portRange Default: 30000-32767
A port range to reserve for services with NodePort visibility. Example: '30000-32767'. Inclusive at both ends of the range.
What can I do to get my k8s cluster back?
You can change /etc/kubernetes/manifests/kube-apiserver.yaml
file and reaplace all occurrences of 8443
to e.g. 6443
.
Then connect to apiserver with:
$ kubectl --server https://<ip>:6443 ...
Delete the my-service
service and restore kube-apiserver.yaml file to its previous form.
Why kube-apiserver or other components doesn't prevent me to change the nodePort to 8443? Indicate the port 8443 is already in use.
I don't think many people encounter this problem because people usually use api-server with default values of --service-node-port-range
flag which is: 30000-32767
. In such case you would see this error:
The Service "my-service" is invalid: spec.ports[0].nodePort: Invalid value: 8443: provided port is not in the valid range. The range of valid ports is 30000-32767
Probably the best thing you can do with it is to ask k8s developers on k8s github repo. Just open an issue and as this question there.