diff --git a/modules/k8s/default.nix b/modules/k8s/default.nix
index 7ddeb05..fd9a41f 100644
--- a/modules/k8s/default.nix
+++ b/modules/k8s/default.nix
@@ -25,7 +25,7 @@ let
   hostName = config.networking.hostName;
   domain = config.networking.domain;
 
-  apiserverAddress = "https://${cfg.master.address}:4443";
+  apiserverAddress = "https://${cfg.master.address}:6443";
 
   cfssl-apitoken =
     let
@@ -220,7 +220,7 @@ let
         advertiseAddress = cfg.master.address;
         authorizationMode = [ "Node" "RBAC" ];
         allowPrivileged = true;
-        securePort = 4443;
+        securePort = 6443;
         serviceClusterIpRange = "10.0.0.0/22";
         extraOpts = "--requestheader-client-ca-file ${pki.ca.cert}";
         #extraSANs = cfg.master.extraSANs;
@@ -252,7 +252,7 @@ let
     };
 
     networking.firewall = {
-      allowedTCPPorts = [ 53 5000 8080 4443 4001 2379 2380 10250 10251 10252 ];
+      allowedTCPPorts = [ 53 5000 8080 6443 4001 2379 2380 10250 10251 10252 ];
       allowedUDPPorts = [ 53 4053 ];
     };