diff --git a/contrib/ansible/roles/kubernetes/defaults/main.yml b/contrib/ansible/roles/kubernetes/defaults/main.yml
index 736b4d6c149..8d9a1f7e6fe 100644
--- a/contrib/ansible/roles/kubernetes/defaults/main.yml
+++ b/contrib/ansible/roles/kubernetes/defaults/main.yml
@@ -1,3 +1,6 @@
+# The port that the Kubernetes apiserver component listens on.
+kube_master_api_port: 443
+
 # This directory is where all the additional scripts go
 # that Kubernetes normally puts in /srv/kubernetes.
 # This puts them in a sane location
diff --git a/contrib/ansible/roles/kubernetes/templates/config.j2 b/contrib/ansible/roles/kubernetes/templates/config.j2
index 8da21e4bb8d..cf83970267e 100644
--- a/contrib/ansible/roles/kubernetes/templates/config.j2
+++ b/contrib/ansible/roles/kubernetes/templates/config.j2
@@ -20,4 +20,4 @@ KUBE_LOG_LEVEL="--v=0"
 KUBE_ALLOW_PRIV="--allow_privileged=true"
 # How the replication controller, scheduler, and proxy
-KUBE_MASTER="--master=https://{{ groups['masters'][0] }}:443"
+KUBE_MASTER="--master=https://{{ groups['masters'][0] }}:{{ kube_master_api_port }}"
diff --git a/contrib/ansible/roles/master/tasks/firewalld.yml b/contrib/ansible/roles/master/tasks/firewalld.yml
index 7dc5d7fa73f..494143f4475 100644
--- a/contrib/ansible/roles/master/tasks/firewalld.yml
+++ b/contrib/ansible/roles/master/tasks/firewalld.yml
@@ -1,10 +1,10 @@
 ---
 - name: Open firewalld port for apiserver
- firewalld: port=443/tcp permanent=false state=enabled
+ firewalld: port={{ kube_master_api_port }}/tcp permanent=false state=enabled
 # in case this is also a node with firewalld turned off
 ignore_errors: yes
 - name: Save firewalld port for apiserver
- firewalld: port=443/tcp permanent=true state=enabled
+ firewalld: port={{ kube_master_api_port }}/tcp permanent=true state=enabled
 # in case this is also a node with firewalld turned off
 ignore_errors: yes
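Review bot: The comment on `kube_master_api_port` in roles/kubernetes/defaults/main.yml documents only the listening side, while this change also renders the value into every client URL (KUBE_MASTER, `--api_servers`, the kubeconfig `server:` entries) and into the firewall tasks. I would say so in the comment, e.g. `# Secure port of the kube-apiserver; also used by node and master clients and by the firewall tasks. Integer, 1-65535.` Nothing visible in the diff checks the value before it is interpolated, so an early `assert` on the range in the role's tasks would catch a typo before it reaches the iptables `command:` line. Whether the master and node roles actually inherit this role's defaults is not visible here and is worth confirming.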
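Review bot: In roles/master/tasks/firewalld.yml both tasks keep `ignore_errors: yes`, so with the port now templated a bad `kube_master_api_port` value fails silently and the play carries on with the apiserver port closed. Re-running with a different value also opens the new port without closing the one opened before; nothing in this hunk issues `state=disabled` for the old port, so a stale permanent rule can stay behind. I would scope the error suppression to the case the comment describes (firewalld not running) with a `when:` on a registered service check instead of ignoring every failure.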
diff --git a/contrib/ansible/roles/master/tasks/iptables.yml b/contrib/ansible/roles/master/tasks/iptables.yml
index 596e5126b82..25175a9800f 100644
--- a/contrib/ansible/roles/master/tasks/iptables.yml
+++ b/contrib/ansible/roles/master/tasks/iptables.yml
@@ -5,7 +5,7 @@
 always_run: yes
 - name: Open apiserver port with iptables
- command: /sbin/iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT -m comment --comment "kube-apiserver"
+ command: /sbin/iptables -I INPUT 1 -p tcp --dport {{ kube_master_api_port }} -j ACCEPT -m comment --comment "kube-apiserver"
 when: "'kube-apiserver' not in iptablesrules.stdout"
 notify:
 - restart iptables
diff --git a/contrib/ansible/roles/master/templates/apiserver.j2 b/contrib/ansible/roles/master/templates/apiserver.j2
index 5f781db6611..eb42ef09427 100644
--- a/contrib/ansible/roles/master/templates/apiserver.j2
+++ b/contrib/ansible/roles/master/templates/apiserver.j2
@@ -8,7 +8,7 @@
 KUBE_API_ADDRESS="--insecure-bind-address=127.0.0.1"
 # The port on the local server to listen on.
-KUBE_API_PORT="--secure-port=443"
+KUBE_API_PORT="--secure-port={{ kube_master_api_port }}"
 # Port nodes listen on
 # KUBELET_PORT="--kubelet_port=10250"
diff --git a/contrib/ansible/roles/master/templates/controller-manager.kubeconfig.j2 b/contrib/ansible/roles/master/templates/controller-manager.kubeconfig.j2
index 96703b5ed5b..cb3af1bce46 100644
--- a/contrib/ansible/roles/master/templates/controller-manager.kubeconfig.j2
+++ b/contrib/ansible/roles/master/templates/controller-manager.kubeconfig.j2
@@ -5,7 +5,7 @@ preferences: {}
 clusters:
 - cluster:
 certificate-authority: {{ kube_cert_dir }}/ca.crt
- server: https://{{ groups['masters'][0] }}:443
+ server: https://{{ groups['masters'][0] }}:{{ kube_master_api_port }}
 name: {{ cluster_name }}
 contexts:
 - context:
diff --git a/contrib/ansible/roles/master/templates/kubectl.kubeconfig.j2 b/contrib/ansible/roles/master/templates/kubectl.kubeconfig.j2
index 9225280ded3..01618858bb6 100644
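Review bot: In roles/master/tasks/iptables.yml the guard `when: "'kube-apiserver' not in iptablesrules.stdout"` matches the rule comment rather than the port, so on a host that already has the 443 rule a changed `kube_master_api_port` is never inserted and the old ACCEPT stays. Checking the exact rule would make the task idempotent per value: register `/sbin/iptables -C INPUT -p tcp --dport {{ kube_master_api_port }} -j ACCEPT -m comment --comment "kube-apiserver"` with `failed_when: false` and insert only when its `rc` is non-zero. The task that registers `iptablesrules` starts above the hunk, so this would need adjusting there too.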
--- a/contrib/ansible/roles/master/templates/kubectl.kubeconfig.j2
+++ b/contrib/ansible/roles/master/templates/kubectl.kubeconfig.j2
@@ -5,7 +5,7 @@ preferences: {}
 clusters:
 - cluster:
 certificate-authority-data: {{ kube_ca_cert|b64encode }}
- server: https://{{ groups['masters'][0] }}:443
+ server: https://{{ groups['masters'][0] }}:{{ kube_master_api_port }}
 name: {{ cluster_name }}
 contexts:
 - context:
diff --git a/contrib/ansible/roles/master/templates/scheduler.kubeconfig.j2 b/contrib/ansible/roles/master/templates/scheduler.kubeconfig.j2
index 300783dd3e2..57f5fa3cc30 100644
--- a/contrib/ansible/roles/master/templates/scheduler.kubeconfig.j2
+++ b/contrib/ansible/roles/master/templates/scheduler.kubeconfig.j2
@@ -5,7 +5,7 @@ preferences: {}
 clusters:
 - cluster:
 certificate-authority: {{ kube_cert_dir }}/ca.crt
- server: https://{{ groups['masters'][0] }}:443
+ server: https://{{ groups['masters'][0] }}:{{ kube_master_api_port }}
 name: {{ cluster_name }}
 contexts:
 - context:
diff --git a/contrib/ansible/roles/node/templates/kubelet.j2 b/contrib/ansible/roles/node/templates/kubelet.j2
index f880f4201ae..3e9029f6839 100644
--- a/contrib/ansible/roles/node/templates/kubelet.j2
+++ b/contrib/ansible/roles/node/templates/kubelet.j2
@@ -11,11 +11,11 @@ KUBELET_ADDRESS="--address=0.0.0.0"
 KUBELET_HOSTNAME="--hostname_override={{ inventory_hostname }}"
 # location of the api-server
-KUBELET_API_SERVER="--api_servers=https://{{ groups['masters'][0]}}:443"
+KUBELET_API_SERVER="--api_servers=https://{{ groups['masters'][0] }}:{{ kube_master_api_port }}"
 # Add your own!
 {% if dns_setup %}
 KUBELET_ARGS="--cluster_dns={{ dns_server }} --cluster_domain={{ dns_domain }} --kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --config={{ kube_manifest_dir }}"
 {% else %}
-KUBELET_ARGS="--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --config={{ kube_manifest_dir }}"
+KUBELET_ARGS="--kubeconfig={{ kube_config_dir }}/kubelet.kubeconfig --config={{ kube_manifest_dir }}"
 {% endif %}
diff --git a/contrib/ansible/roles/node/templates/kubelet.kubeconfig.j2 b/contrib/ansible/roles/node/templates/kubelet.kubeconfig.j2
index b9c22fa63f5..1ebe2e75030 100644
--- a/contrib/ansible/roles/node/templates/kubelet.kubeconfig.j2
+++ b/contrib/ansible/roles/node/templates/kubelet.kubeconfig.j2
@@ -5,7 +5,7 @@ preferences: {}
 clusters:
 - cluster:
 certificate-authority: {{ kube_cert_dir }}/ca.crt
- server: https://{{ groups['masters'][0] }}:443
+ server: https://{{ groups['masters'][0] }}:{{ kube_master_api_port }}
 name: {{ cluster_name }}
 contexts:
 - context:
diff --git a/contrib/ansible/roles/node/templates/proxy.kubeconfig.j2 b/contrib/ansible/roles/node/templates/proxy.kubeconfig.j2
index f5d109816a5..e869919c188 100644
--- a/contrib/ansible/roles/node/templates/proxy.kubeconfig.j2
+++ b/contrib/ansible/roles/node/templates/proxy.kubeconfig.j2
@@ -10,7 +10,7 @@ contexts:
 clusters:
 - cluster:
 certificate-authority: {{ kube_cert_dir }}/ca.crt
- server: https://{{ groups['masters'][0] }}:443
+ server: https://{{ groups['masters'][0] }}:{{ kube_master_api_port }}
 name: {{ cluster_name }}
 users:
 - name: proxy
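Review bot: The spacing cleanup in roles/node/templates/kubelet.j2 reaches only the `{% else %}` branch; the `KUBELET_ARGS` line under `{% if dns_setup %}` still has `{{ kube_config_dir}}`. Changing it to `--kubeconfig={{ kube_config_dir }}/kubelet.kubeconfig` there as well keeps the two branches consistent.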