diff --git a/inventory/sample/group_vars/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster.yml
index 119d5af09a8ec9a77f04fff4e25c6822995a3a31..aa0210ebd34b5ca75b00e144975ca168eb8cb0eb 100644
--- a/inventory/sample/group_vars/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s-cluster.yml
@@ -107,6 +107,11 @@ kube_apiserver_insecure_port: 8080 # (http)
 # Can be ipvs, iptables
 kube_proxy_mode: iptables
 
+# Kube-proxy nodeport address.
+# cidr to bind nodeport services. Flag --nodeport-addresses on kube-proxy manifest
+kube_proxy_nodeport_addresses: false
+# kube_proxy_nodeport_addresses_cidr: 10.0.1.0/24
+
 ## Encrypting Secret Data at Rest (experimental)
 kube_encrypt_secret_data: false
 
diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2
index f0786b4e94a3abae216c3172e6502500e2cc7cac..fd569b8876b9c439863ab699f6572a37acc84bcc 100644
--- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2
@@ -22,12 +22,15 @@ kubernetesVersion: {{ kube_version }}
 {% if cloud_provider is defined and cloud_provider not in ["gce", "oci"] %}
 cloudProvider: {{ cloud_provider }}
 {% endif %}
-{% if kube_proxy_mode == 'ipvs' and kube_version | version_compare('v1.10', '<') %}
 kubeProxy:
   config:
+{% if kube_proxy_mode == 'ipvs' and kube_version | version_compare('v1.10', '<') %}
     featureGates: SupportIPVSProxyMode=true
     mode: ipvs
 {% endif %}
+{% if kube_proxy_nodeport_addresses %}
+    nodePortAddresses: [{{ kube_proxy_nodeport_addresses_cidr }}]
+{% endif %}
 authorizationModes:
 {% for mode in authorization_modes %}
 - {{ mode }}
diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
index 68c67db59f0e9d740995e5c2d91a15d5972d5307..31c499e0fd3b96ff0a42031e8059b42c4ba930e3 100644
--- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
@@ -27,6 +27,9 @@ kubeProxy:
   config:
     mode: {{ kube_proxy_mode }}
     hostnameOverride: {{ inventory_hostname }}
+{% if kube_proxy_nodeport_addresses %}
+    nodePortAddresses: [{{ kube_proxy_nodeport_addresses_cidr }}]
+{% endif %}
 authorizationModes:
 {% for mode in authorization_modes %}
 - {{ mode }}
diff --git a/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2 b/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
index 7096a2ff26a325fa7bf0ff7d7a7804a7ee39ccaf..d1292887aad1a22fd6d272a9899ad40e4a351913 100644
--- a/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
@@ -43,6 +43,9 @@ spec:
     - --proxy-mode={{ kube_proxy_mode }}
     - --oom-score-adj=-998
     - --healthz-bind-address={{ kube_proxy_healthz_bind_address }}
+{% if kube_proxy_nodeport_addresses %}
+    - --nodeport-addresses={{ kube_proxy_nodeport_addresses_cidr }}
+{% endif %}
 {% if kube_proxy_masquerade_all and kube_proxy_mode == "iptables" %}
     - --masquerade-all
 {% elif kube_proxy_mode == 'ipvs' %}