Karmada api server using port range between 30000-32768

[gauravitdevops]

What happened:while installing karmada, the apiserver is using the port range which is added in services as 30000-32768 which is non-compliant as per our organization. Looking forward to manage these ports through values.yaml/ or any other method would be helpful if can be done that way.

What you expected to happen: Port range/ ports to be in users hand to change as per requirement.

How to reproduce it (as minimally and precisely as possible):Installing karmadactl and initializing it using karmadactl init command.

Environment:

• Karmada version:version.Info{GitVersion:"v1.6.1", GitCommit:"fdc7ac62c70b571d091a795cbe9b9fceac5f1c2c", GitTreeState:"clean", BuildDate:"2023-07-06T03:35:37Z", GoVersion:"go1.20.4", Compiler:"gc", Platform:"linux/amd64"}
• kubectl-karmada or karmadactl version (the result of kubectl-karmada version or karmadactl version):
• Others:
  -Kubernetes version- 1.25

[liangyuanpeng]

/remove-kind bug
/kind feature

[liangyuanpeng]

A quickly map is add a param of karmadactl to work for kube-apiserver args of service-node-port-range.

But increasing numbers of karmadactl parameters can be a maintenance challenge and can be ugly too.

That is the reason i create the issue of #3464

The other map is use karmada operator to deploy karmada.

[yike21]

Good idea. I think one reason is that karmadaAPIServer service may be exposed as nodeport when deploying a karmada cluster using operator. ref
And we can see doc says that If you set the type field to NodePort, the Kubernetes control plane allocates a port from a range specified by --service-node-port-range flag (default: 30000-32767). Here it is likely to keep the port range consistent.

[chaosi-zju]

Thank you for your feedback, while, I think that may not be a problem~

Actually, Karmada provided --port= parameter for you to customize the port of karmada-apiserver, you can refer it just like:

➜ ✗ karmadactl init -h
...
    -p, --port=32443:
        Karmada apiserver service node port
...

However, if you execute karmadactl init --port 3443 ...., you will get a error like this:

I0729 17:37:40.444168   86887 deploy.go:372] Create karmada ApiServer Deployment
error: unable to create Service: Service "karmada-apiserver" is invalid: spec.ports[0].nodePort: Invalid value: 3443: provided port is not in the valid range. The range of valid ports is 30000-32767

Why?

Haha, yike21 has given the answer in above comment. Actually, karmada-apiserver is just a Deployment with a NodePort type Service. The range of nodePort value is restricted by --service-node-port-range flag of kube-apiserver (default: 30000-32767).

So, if you can modify the config of your raw kube-apiserver and add --service-node-port-range=1-65535 to spec.containers.command filed, just like:

apiVersion: v1
kind: Pod
metadata:
   ......
  name: kube-apiserver-karmada-host-control-plane
  namespace: kube-system
  ......
spec:
  containers:
  - command:
    - kube-apiserver
    ......
    - --service-cluster-ip-range=100.173.0.0/16
    - --service-node-port-range=1-65535     ## look at this line
    ......

Then, you will get out of the port range restriction (Besides, the raw kube-apiserver is static pod, kubectl edit would not works, you shall modify the static pod manifest).

[RainbowMango]

Hi @gauravitdevops Could you please confirm if the solution from @chaosi-zju works for you?