How to change the default nodeport range on Mac (docker-desktop)?

迷失自我 2020-12-18 15:56

I'd like to change the default nodeport range on Mac. Is it possible? I'm glad to have found this

1 answer
  • 2020-12-18 16:08

    Update: The example from the documentation shows a way to adjust apiserver parameters during Minikube start:

    minikube start --extra-config=apiserver.service-node-port-range=1-65535
    

    --extra-config: A set of key=value pairs that describe configuration that may be passed to different components. The key should be '.' separated, and the first part before the dot is the component to apply the configuration to. Valid components are: kubelet, apiserver, controller-manager, etcd, proxy, scheduler.

    The list of available options can be found in the CLI documentation.


    Another way to change kube-apiserver parameters for Docker-for-desktop on Mac:

    1. Log in to the Docker VM:

       $ screen ~/Library/Containers/com.docker.docker/Data/vms/0/tty
      
       #(you can also use privileged container for the same purpose)
       docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh
       #or
       docker run --rm -it --privileged --pid=host walkerlee/nsenter -t 1 -m -u -i -n sh
       # as suggested here: https://forums.docker.com/t/is-it-possible-to-ssh-to-the-xhyve-machine/17426/5
       # in case of minikube use the following command:
       $ minikube ssh
      
    2. Edit kube-apiserver.yaml (it's one of the static pods; they are created by the kubelet using files in /etc/kubernetes/manifests)

       $ vi /etc/kubernetes/manifests/kube-apiserver.yaml
       # for minikube 
       $ sudo vi /etc/kubernetes/manifests/kube-apiserver.yaml
      
    3. Add the following line to the pod spec:

       spec:
         containers:
         - command:
           - kube-apiserver
           - --advertise-address=192.168.65.3
           ...
           - --service-node-port-range=443-22000   # <-- add this line
           ...
      
    4. Save and exit. The kube-apiserver pod will be restarted with the new parameters.

    5. Exit the Docker VM (for screen: Ctrl-a, k; for the container: Ctrl-d)

    Check the results:

    $ kubectl get pod kube-apiserver-docker-desktop -o yaml -n kube-system | less
    

    Create a simple deployment and expose it with a service:

    $ kubectl run nginx1 --image=nginx --replicas=2
    $ kubectl expose deployment nginx1 --port 80 --type=NodePort
    $ kubectl get svc
    NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
    kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP        14d
    nginx1       NodePort    10.99.173.234   <none>        80:14966/TCP   5s
    

    As you can see, the NodePort was chosen from the new range.

    There are other ways to expose your container: HostNetwork, HostPort, MetalLB.

    You need to add the correct security context for that purpose; check out how the ingress addon in minikube works, for example.

    ...
    ports:
    - containerPort: 80
      hostPort: 80
      protocol: TCP
    - containerPort: 443
      hostPort: 443
      protocol: TCP
    ...
    securityContext:
      capabilities:
        add:
        - NET_BIND_SERVICE
        drop:
        - ALL
    
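A check to run after editing the manifest as in the answer above, as an added example that is not part of the original post: it reads `--service-node-port-range` from a kube-apiserver manifest, falls back to the kube-apiserver default of 30000-32767 when the flag is absent, and reports when the range includes privileged ports or overlaps ports the node already uses. The function names, the `RESERVED_PORTS` list and the sample manifest are assumptions constructed for this example.

```sh
# Added example (not from the original answer): audit the NodePort range
# configured in a kube-apiserver static-pod manifest.
DEFAULT_RANGE="30000-32767"   # kube-apiserver default when the flag is absent
# Assumption: node ports to keep out of the range (SSH, HTTPS, apiserver, kubelet).
RESERVED_PORTS="22 443 6443 10250"

# Print the --service-node-port-range value from manifest $1, or the default.
node_port_range() {
  npr_value=$(sed -n 's/^[[:space:]]*-[[:space:]]*--service-node-port-range=\([0-9][0-9]*-[0-9][0-9]*\).*/\1/p' "$1" | tail -n 1)
  printf '%s\n' "${npr_value:-$DEFAULT_RANGE}"
}

# Succeed if port $1 lies inside range $2 ("low-high").
port_in_range() {
  [ "$1" -ge "${2%-*}" ] && [ "$1" -le "${2#*-}" ]
}

# Print one finding per line for range $1; nothing if no issue is found.
audit_range() {
  if [ "${1%-*}" -lt 1024 ]; then
    echo "range $1 includes privileged ports below 1024"
  fi
  for ar_port in $RESERVED_PORTS; do
    if port_in_range "$ar_port" "$1"; then
      echo "range $1 overlaps reserved port $ar_port"
    fi
  done
}

# Constructed sample mirroring the manifest fragment in the answer.
manifest=$(mktemp)
trap 'rm -f "$manifest"' EXIT
cat > "$manifest" <<'EOF'
spec:
  containers:
  - command:
    - kube-apiserver
    - --advertise-address=192.168.65.3
    - --service-node-port-range=443-22000   # <-- add this line
EOF

range=$(node_port_range "$manifest")
echo "configured range: $range"
audit_range "$range"
# 14966 is the NodePort shown in the answer's `kubectl get svc` output.
if port_in_range 14966 "$range"; then echo "NodePort 14966 is inside $range"; fi
```

Inside the Docker VM or `minikube ssh`, point `node_port_range` at `/etc/kubernetes/manifests/kube-apiserver.yaml` instead of the sample file.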