TCP 2379
Synopsis
- TCP port 2379 is the default client API port for etcd, the distributed key-value store maintained by the CNCF.
- Kubernetes uses etcd for cluster state; the kube-apiserver connects to etcd on 2379 in self-managed setups and distributions such as kubeadm-based clusters, Rancher RKE, Red Hat OpenShift, and k3s when using embedded or external etcd.
- Networking and DNS components commonly talk to etcd on 2379, including Flannel (for network configuration) and the CoreDNS etcd plugin (for DNS records stored in etcd).
- PostgreSQL high availability with Patroni can use etcd as the distributed configuration store, communicating on 2379.
- Some platforms historically integrated etcd on 2379 internally (e.g., Cloud Foundry), while managed Kubernetes services (GKE, EKS, AKS, OpenShift) keep etcd internal and do not expose it to the internet.
- Current etcd defaults are 2379 for client traffic and 2380 for peer traffic (older versions used ports like 4001/7001).
- Hacking/exploitation: Attackers scan for etcd instances exposed on 2379; misconfigured instances running without TLS or authentication have been held for ransom, looted for Kubernetes secrets and cloud credentials, and abused for cryptomining deployments.