To allow monitoring tools to collect metrics from your etcd database, you need to explicitly expose the etcd metrics endpoint. Here’s how to do it:
  1. Create a patch file named etcd-metrics-patch.yaml that exposes the etcd metrics endpoint on port:2381, accessible from all network interfaces 
    cat << EOF > etcd-metrics-patch.yaml
- op: add
path: /cluster/etcd/extraArgs
value:
    listen-metrics-urls: http://0.0.0.0:2381
EOF
  2. Create a CP_IPS variable that contains the IP addresses of your control plane nodes: 
    CP_IPS="<control-plane-ip-1>,<control-plane-ip-2>,<control-plane-ip-3>"
  3. Ensure you are in your project’s directory and apply the etcd-metrics-patch.yaml patch to your control plane nodes. 
    talosctl patch machineconfig \
--patch @etcd-metrics-patch.yaml \
--endpoints $CP_IPS \
--nodes $CP_IPS \
--talosconfig=./talosconfig
    Note: You can also export your TALOSCONFIG variable and then remove the --talosconfig=./talosconfig flag in the patch command above.
  4. Reboot the nodes. Note that if you have only one control plane node, rebooting it will cause cluster downtime. 
    for NODE in $(echo "${CP_IPS}" | tr ',' ' '); do
    echo "Rebooting control plane node: $NODE"
    talosctl reboot --endpoints "$NODE" --nodes "$NODE" --wait
done
  5. After the node reboots, run the following command to confirm that the etcd metrics endpoint is accessible: 
    CP_IP=$(echo $CP_IPS | cut -d',' -f1)
curl "${CP_IP}:2381/metrics"
  6. Secure your control plane IP addresses to prevent public access. See the Ingress Firewall guide for instructions on securing your control plane.