diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index 308922a99cbb852f0855606792eb076e4fb7441d..0cee9c3295a99b37c69954886ed6f6454fed266d 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -127,6 +127,8 @@ peer_with_router: false
kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}"
kube_apiserver_port: 443 # (https)
kube_apiserver_insecure_port: 8080 # (http)
+# local loadbalancer should use this port instead - default to kube_apiserver_port
+nginx_kube_apiserver_port: "{{ kube_apiserver_port }}"
# Internal DNS configuration.
# Kubernetes can create and mainatain its own DNS server to resolve service names
diff --git a/roles/kubernetes/node/templates/nginx.conf.j2 b/roles/kubernetes/node/templates/nginx.conf.j2
index 352218da408aa138f29a5223954c978f7b8e93fb..6e8622ed4e52cb63d99358747df00c2e58c9fd78 100644
--- a/roles/kubernetes/node/templates/nginx.conf.j2
+++ b/roles/kubernetes/node/templates/nginx.conf.j2
@@ -16,7 +16,7 @@ stream {
}
server {
- listen 127.0.0.1:{{ kube_apiserver_port }};
+ listen 127.0.0.1:{{ nginx_kube_apiserver_port }};
proxy_pass kube_apiserver;
proxy_timeout 10m;
proxy_connect_timeout 1s;
diff --git a/roles/kubernetes/preinstall/tasks/set_facts.yml b/roles/kubernetes/preinstall/tasks/set_facts.yml
index f57cd702e1407d1391548b086138e1fd2d363d5c..456467a97cf1f9415e035af2280cdf1f7b25647f 100644
--- a/roles/kubernetes/preinstall/tasks/set_facts.yml
+++ b/roles/kubernetes/preinstall/tasks/set_facts.yml
@@ -10,7 +10,7 @@
- set_fact:
kube_apiserver_endpoint: |-
{% if not is_kube_master and loadbalancer_apiserver_localhost -%}
- https://localhost:{{ kube_apiserver_port }}
+ https://localhost:{{ nginx_kube_apiserver_port }}
{%- elif is_kube_master and loadbalancer_apiserver is not defined -%}
http://127.0.0.1:{{ kube_apiserver_insecure_port }}
{%- else -%}