Expose the Etcd Metrics Endpoint

Documentation Index

Fetch the complete documentation index at: https://docs.siderolabs.com/llms.txt

Use this file to discover all available pages before exploring further.

1. Create a patch file named etcd-metrics-patch.yaml that exposes the etcd metrics endpoint on port:2381, accessible from all network interfaces
   cat << EOF > etcd-metrics-patch.yaml
   cluster:
     etcd:
       extraArgs:
         listen-metrics-urls: http://0.0.0.0:2381
   EOF
   
2. Create a CP_IPS variable that contains the IP addresses of your control plane nodes:
   CP_IPS="<control-plane-ip-1>,<control-plane-ip-2>,<control-plane-ip-3>"
   
3. Ensure you are in your project’s directory and apply the etcd-metrics-patch.yaml patch to your control plane nodes.
   talosctl patch machineconfig \
   --patch @etcd-metrics-patch.yaml \
   --endpoints $CP_IPS \
   --nodes $CP_IPS \
   --talosconfig=./talosconfig
   
   Note: You can also export your TALOSCONFIG variable and then remove the --talosconfig=./talosconfig flag in the patch command above.
4. Reboot the nodes. Note that if you have only one control plane node, rebooting it will cause cluster downtime.
   for NODE in $(echo "${CP_IPS}" | tr ',' ' '); do
       echo "Rebooting control plane node: $NODE"
       talosctl reboot --endpoints "$NODE" --nodes "$NODE" --wait
   done
   
5. After the node reboots, run the following command to confirm that the etcd metrics endpoint is accessible:
   CP_IP=$(echo $CP_IPS | cut -d',' -f1)
   curl "${CP_IP}:2381/metrics"
   
6. Secure your control plane IP addresses to prevent public access. See the Ingress Firewall guide for instructions on securing your control plane.