diff --git a/inventory/sample/group_vars/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster.yml
index 2ca718598..a4cb2d087 100644
--- a/inventory/sample/group_vars/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s-cluster.yml
@@ -110,6 +110,11 @@ kube_apiserver_insecure_port: 8080 # (http)
 # Can be ipvs, iptables
 kube_proxy_mode: iptables
+# Kube-proxy nodeport address.
+# cidr to bind nodeport services. Flag --nodeport-addresses on kube-proxy manifest
+kube_proxy_nodeport_addresses: false
+# kube_proxy_nodeport_addresses_cidr: 10.0.1.0/24
+
 ## Encrypting Secret Data at Rest (experimental)
 kube_encrypt_secret_data: false
diff --git a/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2 b/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
index 7096a2ff2..d1292887a 100644
--- a/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
@@ -43,6 +43,9 @@ spec:
 - --proxy-mode={{ kube_proxy_mode }}
 - --oom-score-adj=-998
 - --healthz-bind-address={{ kube_proxy_healthz_bind_address }}
+{% if kube_proxy_nodeport_addresses %}
+ - --nodeport-addresses={{ kube_proxy_nodeport_addresses_cidr }}
+{% endif %}
 {% if kube_proxy_masquerade_all and kube_proxy_mode == "iptables" %}
 - --masquerade-all
 {% elif kube_proxy_mode == 'ipvs' %}
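Review bot: The comment above `kube_proxy_nodeport_addresses: false` does not say what the default means for exposure. With the flag omitted, kube-proxy serves NodePort services on all local addresses of the node. The comment also does not say that the CIDR variable must be uncommented when the toggle is turned on. I would reword it to something like `# When false, NodePort services listen on every node address. Set to true and define` / `# kube_proxy_nodeport_addresses_cidr to restrict them (passed as --nodeport-addresses).` The flag accepts a comma-separated list of CIDRs, so the sample line could note that as well.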
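Review bot: `kube_proxy_nodeport_addresses_cidr` is used inside the new `{% if kube_proxy_nodeport_addresses %}` block, but no default for it is visible in this diff and the sample inventory leaves it commented out. If the role defaults do not define it, enabling only the toggle will presumably abort templating with a generic undefined-variable error. Silently skipping the flag would be worse, because NodePorts would stay bound on every address while the operator believes they are restricted, so the failure should be made explicit, e.g. `- --nodeport-addresses={{ kube_proxy_nodeport_addresses_cidr | mandatory }}`. A pre-flight assert that the value is set and is a valid CIDR would serve the same purpose. The args list this block sits in starts and ends outside the hunk.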