Disable HTTP on main etcd client port

[brandond]

Proposed Changes

Disable HTTP on main etcd client port. Only etcd v2 API used http, all v3 clients (etcdctl and kubernetes) use GRPC.

Fixes performance issue under load, ref:

• Etcd watch stream starvation under high read response load when sharing same connection and TLS is enabled etcd-io/etcd#15402
• Make etcd component status consistent with health probes kubernetes/kubernetes#118460

Fixes warning in logs on etcd nodes:

Sep 22 05:37:58 systemd-node-1 k3s[25599]: {"level":"warn","ts":"2023-09-22T05:37:58.756955Z","caller":"embed/config.go:673","msg":"Running http and grpc server on single port. This is not recommended for production."}

Types of Changes

bugfix

Verification

Check for absence of warning message.

Testing

Linked Issues

• Disable http/grpc mux for etcd #8415

User-Facing Change

Embedded etcd no longer serves http requests on the client port, only grpc. This addresses a performance issue that could cause watch stream starvation under load. For more information, see https://github.com/etcd-io/etcd/issues/15402

Further Comments

[codecov]

Codecov Report

Patch coverage: 66.66% and project coverage change: +4.18% 🎉

Comparison is base (6330a5b) 47.43% compared to head (dd2c728) 51.62%.
Report is 1 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #8402      +/-   ##
==========================================
+ Coverage   47.43%   51.62%   +4.18%     
==========================================
  Files         143      143              
  Lines       14741    14750       +9     
==========================================
+ Hits         6992     7614     +622     
+ Misses       6643     5936     -707     
- Partials     1106     1200      +94     

Flag	Coverage Δ
e2etests	48.87% <71.42%> (?)
inttests	44.72% <66.66%> (-0.05%)	⬇️
unittests	19.84% <33.33%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Changed	Coverage Δ
pkg/daemons/executor/executor.go	57.81% <ø> (ø)
pkg/etcd/etcd.go	45.63% <66.66%> (+4.34%)	⬆️

... and 39 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[matttrach]

so we are blocking these URLs by telling the system that we are using them, so that we can explicitly use them for GRPC later?

[brandond]

No. We are moving HTTP off to a separate port, so that the default client port is used for grpc only.

https://github.com/etcd-io/etcd/blob/7ed8970e2d43f9d44fdabe2d26f01869a36c6dd5/server/embed/config.go#L675-L677