Bug | nodeletctl creates cluster with k8s api listening on port 443 when port 6443 is specified.

[estenrye]

Issue

When provisioning a cluster with nodeletctl with a single master and single worker, when passed a configuration
that specifies port 6443 for the Kubernetes Api Port a cluster is produced with the k8s api listening on port 443.

This behavior impacts operations in two ways:

• Users cannot deploy an Ingress controllers that listen on port 443.
• Users cannot use templated kubeconfig without manually modifying to use port 443

How to reproduce

allowWorkloadsOnMaster: false
clusterName: airctl-mgmt
k8sApiPort: 6443
masterIp: 10.5.50.10
masterVipEnabled: true
masterVipVrouterId: 101
nodeletPkg: /opt/pf9/artifacts/nodelet.tar.gz
privileged: true
sshUser: ubuntu

masterVipInterface: ens3
calicoV4Interface: ens3
mtu: 9001
masterNodes:
  - nodeName: ip-10-5-50-209.us-west-2.compute.internal
    nodeIP: 10.5.50.209
workerNodes:
  - nodeName: ip-10-5-50-18.us-west-2.compute.internal
    nodeIP: 10.5.50.18

Observed Behavior

ubuntu@ip-10-5-50-209:~$ sudo netstat -nlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 10.5.50.209:2380        0.0.0.0:*               LISTEN      17253/etcd          
tcp        0      0 127.0.0.1:2379          0.0.0.0:*               LISTEN      17253/etcd          
tcp        0      0 127.0.0.1:10249         0.0.0.0:*               LISTEN      18644/kube-proxy    
tcp        0      0 127.0.0.1:10248         0.0.0.0:*               LISTEN      21955/kubelet       
tcp        0      0 127.0.0.1:9977          0.0.0.0:*               LISTEN      17896/bouncerd      
tcp        0      0 127.0.0.1:41065         0.0.0.0:*               LISTEN      16295/containerd    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1264/sshd: /usr/sbi 
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      465/systemd-resolve 
tcp6       0      0 :::22                   :::*                    LISTEN      1264/sshd: /usr/sbi 
tcp6       0      0 :::443                  :::*                    LISTEN      19008/kube-apiserve 
tcp6       0      0 :::10251                :::*                    LISTEN      19067/kube-schedule 
tcp6       0      0 :::10250                :::*                    LISTEN      21955/kubelet       
tcp6       0      0 :::10252                :::*                    LISTEN      18968/kube-controll 
tcp6       0      0 :::10257                :::*                    LISTEN      18968/kube-controll 
tcp6       0      0 :::10256                :::*                    LISTEN      18644/kube-proxy    
tcp6       0      0 :::10259                :::*                    LISTEN      19067/kube-schedule 
tcp6       0      0 :::4001                 :::*                    LISTEN      17253/etcd          
udp        0      0 127.0.0.53:53           0.0.0.0:*                           465/systemd-resolve 
udp        0      0 10.5.50.209:68          0.0.0.0:*                           462/systemd-network 
raw        0      0 0.0.0.0:51              0.0.0.0:*               7           21405/keepalived    
raw        0      0 0.0.0.0:51              0.0.0.0:*               7           21405/keepalived    
raw6       0      0 :::58                   :::*                    7           462/systemd-network 

Suspected Root Cause

K8S_API_PORT is hard-coded to port 443 in workerNodeletConfigTmpl and does not use {{ .K8sApiPort }}

nodelet/nodeletctl/pkg/nodeletctl/templates.go

Line 156 in 7a52c3d

K8S_API_PORT: "443"