ETCD Port 2381 - might be a good idea to mention what it's for

While taking the first practice test in the Networking section, I noticed that ETCD listens on ports 2379, 2380, and 2381. However, there’s no mention of it in the explanation. I think it’s important to mention what it’s for, since the other 2 ports are expanded on:

Cheers.

I believe port 2381 is used for monitoring etcd, at least if you’ve installed etcd via a kubeadm install:

Port 2381/TCP (etcd): In kubeadm, this port is used for etcd metrics. It listens only on localhost, but does not require authentication or encryption on connection.

Whether this is a good idea or not depends upon how well locked down your cluster is.

This does appear to be the case in my local minikube cluster. The flags tell you what the ports are doing:

    - --listen-client-urls=https://127.0.0.1:2379,https://192.168.105.14:2379
    - --listen-metrics-urls=http://127.0.0.1:2381
    - --listen-peer-urls=https://192.168.105.14:2380

I’m not sure if 2381 is an “official” etcd port, but clearly some distributions use it for metrics. Note that it’s at localhost and is not encrypted, as the note above said as well.

I saw a PR on Rancher to add that port to their documentation - August 2023. So it seems to be official though I have no documentation to support my hypothesis…

If you do what I did and try to search the etcd website, you’ll find that 2381 gets no hits on the site. So I suspect that the default behavior of putting metrics on 2379 doesn’t work for some folks that bundle etcd, and it’s become “a thing”. As you can see from the minikube example, it’s easy enough to get etcd to listen on another port to handle metrics, be that 2381 or be it some other port.

Interestingly, I see the port in a plain kind cluster:

$ kind create cluster --name zzz

$ k config current-context 
kind-zzz

$ k -n kube-system get po
NAME                                        READY   STATUS    RESTARTS   AGE
coredns-5d78c9869d-946sm                    1/1     Running   0          2m4s
coredns-5d78c9869d-q7wtb                    1/1     Running   0          2m4s
etcd-zzz-control-plane                      1/1     Running   0          2m19s
kindnet-9dgwv                               1/1     Running   0          2m5s
kube-apiserver-zzz-control-plane            1/1     Running   0          2m19s
kube-controller-manager-zzz-control-plane   1/1     Running   0          2m19s
kube-proxy-6c95g                            1/1     Running   0          2m5s
kube-scheduler-zzz-control-plane            1/1     Running   0          2m19s

$ docker exec -it zzz-control-plane bash
root@zzz-control-plane:/# ss -plunta|egrep etcd|awk '{print $5}'|sort|uniq -c  
     59 127.0.0.1:2379
      1 127.0.0.1:2381
      1 127.0.0.1:54430
      2 172.20.0.8:2379
      1 172.20.0.8:2380
      1 172.20.0.8:49888

It must be officially sanctioned somewhere… But where??? I concur that a Google search for “2381 site:etcd.io” results in just 2 hits, and 2381 is not mentioned in either - :confused:

Maybe KinD have recompiled their own version of etcd where port 2381 is enabled…

I’ll ignore it for now…

It doesn’t need to be officially enabled; you just have to use --listen-metrics-urls=http://127.0.0.1:2381. I think the kubeadm people decided to do it. It may not be official, but it’s logical.
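Since the metrics listener carries no authentication or TLS, the thing worth verifying on a node is where it is bound. The following is an added check, not code from the thread or from etcd/kubeadm: it takes the etcd container args in the form shown in the minikube manifest above (values constructed from that example), pulls out --listen-metrics-urls, and fails if any listener host is not loopback.

```shell
#!/bin/sh
# Constructed sample: etcd container args as they appear in a kubeadm-style
# static pod manifest (values taken from the minikube example in this thread).
ETCD_ARGS='    - --listen-client-urls=https://127.0.0.1:2379,https://192.168.105.14:2379
    - --listen-metrics-urls=http://127.0.0.1:2381
    - --listen-peer-urls=https://192.168.105.14:2380'

# extract_flag FLAG ARGS: print the value of "- --FLAG=" from the manifest args.
extract_flag() {
  printf '%s\n' "$2" | sed -n "s/^[[:space:]]*- *--$1=//p"
}

# check_metrics_urls URLS: URLS is the comma-separated --listen-metrics-urls value.
# Returns 0 when every listener host is loopback (127.0.0.1, localhost or [::1]),
# 1 when any listener would be reachable from a non-loopback address.
check_metrics_urls() {
  exposed=0
  old_ifs=$IFS
  IFS=,
  for url in $1; do
    host=${url#*://}      # drop scheme
    host=${host%%/*}      # drop any path
    host=${host%:*}       # drop port (keeps the brackets of an IPv6 literal)
    case "$host" in
      127.0.0.1|localhost|\[::1\]) ;;
      *) echo "WARN: unauthenticated etcd metrics listener on $url" >&2
         exposed=1 ;;
    esac
  done
  IFS=$old_ifs
  return $exposed
}

metrics=$(extract_flag listen-metrics-urls "$ETCD_ARGS")
if check_metrics_urls "$metrics"; then
  echo "OK: metrics bound to loopback only ($metrics)"
else
  echo "FAIL: metrics listener exposed beyond loopback ($metrics)"
fi
```

On a real kubeadm node the same args can be fed in from /etc/kubernetes/manifests/etcd.yaml, or the listener list cross-checked against the ss output shown later in this thread.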

Aha. That’s the bit I was missing. So it’s just another flag that can be enabled, meaning that it isn’t mentioned at etcd.io, as the port to use is left to the discretion of the cluster admin and hence could be anything as long as it’s >1023.

kubeadm is set up to configure it as from this commit

@Alistair_KodeKloud that URI is giving me the Github “This is not the web page you are looking for” 404 screen :slight_smile: Jedi.

Running this command from the controlplane node returns the Prometheus-style metrics (the listener is plain HTTP, as in the --listen-metrics-urls flag above, so no TLS):

curl http://localhost:2381/metrics