Kubernetes API server --bind-address vs --advertise-address
P

2

12

According to the reference, two of the options kube-apiserver takes are --bind-address and --advertise-address. It appears to me that they conflict with each other.

What is/are the actual difference(s) between the two?

Is --bind-address the address that the kube-apiserver process will listen on?

Is --advertise-address the address that kube-apiserver will advertise as the address that it will be listening on? If so, how does it advertise? Does it do some kind of a broadcast over the network?

Paleolith answered 1/2, 2021 at 15:5 Comment(1)
--advertise-address is the IP address used to advertise the master. We use this address e.g. when we add a worker node to the cluster. --bind-address is the IP address on which to listen for the --secure-port port (default 6443).
Floristic
F
6

According to the reference-kube-apiserver that you are referencing:

--advertise-address ip The IP address on which to advertise the apiserver to members of the cluster. This address must be reachable by the rest of the cluster. If blank, the --bind-address will be used. If --bind-address is unspecified, the host's default interface will be used.

and

--bind-address ip The IP address on which to listen for the --secure-port port. The associated interface(s) must be reachable by the rest of the cluster, and by CLI/web clients. If blank, all interfaces will be used (0.0.0.0 for all IPv4 interfaces and :: for all IPv6 interfaces). (default 0.0.0.0)

Those parameters are configurable, but please keep in mind they should be specified during cluster bootstrapping.

API server ports and IP addresses

  • default “Secure port” is 6443, but can be changed with the --secure-port flag. As described in the documentation - master node should expose secure port for other cluster components to communicate with the Kubernetes API server.
  • default IP is first non-localhost network interface, but can be changed with the --bind-address flag.

Above mentioned parameters (--secure-port and --bind-address) allow you to configure network interface with secure port for Kubernetes API. As stated before, if you don't specify any values:

By default, the IP is the first non-localhost network interface and the port is 6443.

Please note that:
--advertise-address will be used by kube-apiserver to advertise this address for the kubernetes controller, which is responsible for preparing endpoints for kubernetes.default.svc (the core Service responsible for communication between internal applications and the API server). This Kubernetes Service VIP is configured for per-node load-balancing by kube-proxy.
More information on kubernetes.default.svc and kubernetes controller can be found here.

Cluster <-> Master communication

All communication paths from the cluster to the master terminate at the apiserver (none of the other master components are designed to expose remote services). In a typical deployment, the apiserver is configured to listen for remote connections on a secure HTTPS port (443). The kubernetes service is configured with a virtual IP address that is redirected (via kube-proxy) to the HTTPS endpoint on the apiserver.

There are two primary communication paths from the master (apiserver) to the cluster. The first is from the apiserver to the kubelet process which runs on each node in the cluster. The second is from the apiserver to any node, pod, or service through the apiserver’s proxy functionality.

Additionally, you can find out more about communication within the cluster by reading master-node-communication and control-plane-node-communication.

Floristic answered 18/2, 2021 at 12:4 Comment(0)
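The fallback rules in the flag descriptions quoted above can be checked against a manifest. The following is an added example, not code from the answers or from the Kubernetes project. The manifest text and the helper names (parse_flags, resolve) are constructed for illustration, and treating 0.0.0.0 or :: as "unspecified" is an assumption based on the quoted wording.

```python
import ipaddress

# Constructed sample: the container command from a kube-apiserver static pod
# manifest (addresses come from documentation ranges, not a real cluster).
SAMPLE_MANIFEST = """\
spec:
  containers:
  - command:
    - kube-apiserver
    - --advertise-address=192.0.2.10
    - --bind-address=0.0.0.0
    - --secure-port=6443
"""

def parse_flags(manifest_text):
    """Collect '- --flag=value' items from the YAML command list."""
    flags = {}
    for line in manifest_text.splitlines():
        item = line.strip()
        if item.startswith("- --"):
            name, _, value = item[4:].partition("=")
            flags[name] = value.strip("'\"")
    return flags

def is_unspecified(addr):
    # Assumption: a missing flag, an empty value, 0.0.0.0 and :: all count.
    return not addr or ipaddress.ip_address(addr).is_unspecified

def resolve(flags):
    """Apply the documented defaults and the advertise -> bind fallback."""
    bind = flags.get("bind-address") or "0.0.0.0"    # documented default
    port = int(flags.get("secure-port") or 6443)      # documented default
    advertise = flags.get("advertise-address")
    if is_unspecified(advertise):
        # Blank advertise address: fall back to the bind address, and to the
        # host's default interface when that is unspecified too.
        advertise = bind if not is_unspecified(bind) else "<host default interface>"
    findings = []
    if is_unspecified(bind):
        findings.append("listens on all interfaces")
    elif advertise != bind:
        findings.append("advertised address differs from the listen address")
    return {"bind": bind, "port": port, "advertise": advertise, "findings": findings}

if __name__ == "__main__":
    print(resolve(parse_flags(SAMPLE_MANIFEST)))
```

On a multi-homed control-plane host, the "listens on all interfaces" finding is the one to review: the secure port is then reachable on every network the host is attached to, not only the one the advertised address sits on.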
W
0

https://www.reddit.com/r/kubernetes/comments/18vou42/comment/kfx8i5l/?utm_source=share&utm_medium=web2x&context=3

After struggling a freaking lot to understand this simple concept, I finally got it. There is nothing special about the "advertising" word here. The ip address you specify with --advertise-address is only used to show it in the OpenAPI manifest you get by running kubectl get --raw /openapi/v2. Apart from that, it is also used as the bind address when the --bind-address option is not specified. I had to ask someone to take a look at the source code of the api server to know this and seriously, this is what it's all about.

The bind address is obviously the one you have to specify in other components to connect to the api server unless you are using a load balancer. If you are using a load balancer you'd specify the load balancer's ip address in the kubelet to connect to the api server, obviously. The bind address would be the ip address the load balancer redirects its network traffic to. The reason you have to specify such an ip address is because in some cases you might have in your host multiple interfaces each with their own ip address and you want the api server to only answer to incoming requests if they come from a particular network interface.

Weston answered 2/1 at 2:42 Comment(0)
