From b4847d74bc94e230089ac70a80054a6cdf376e37 Mon Sep 17 00:00:00 2001
From: Evgenii Domashenkin <75170874+xe-leon@users.noreply.github.com>
Date: Mon, 20 Oct 2025 16:24:05 +0300
Subject: [PATCH] Do not fail when pod is not found in K8sAttributesDetector
---
.../observability/logs-and-accesslogs.md | 36 ++++++++++-
.../observability/metrics.md | 18 +++++-
.../observability/tracing.md | 62 ++++++++++++-------
pkg/types/k8sdetector.go | 2 +-
4 files changed, 91 insertions(+), 27 deletions(-)
diff --git a/docs/content/reference/install-configuration/observability/logs-and-accesslogs.md b/docs/content/reference/install-configuration/observability/logs-and-accesslogs.md
index cbb84a227..7fab52d14 100644
--- a/docs/content/reference/install-configuration/observability/logs-and-accesslogs.md
+++ b/docs/content/reference/install-configuration/observability/logs-and-accesslogs.md
@@ -102,7 +102,7 @@ log:
| Field | Description | Default | Required |
|:---------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------|:---------|
| `log.otlp.serviceName` | Service name used in selected backend. | "traefik" | No |
-| `log.otlp.resourceAttributes` | Defines additional resource attributes to be sent to the collector. | [] | No |
+| `log.otlp.resourceAttributes` | Defines additional resource attributes to be sent to the collector. See [resourceAttributes](#resourceattributes) for details. | [] | No |
| `log.otlp.http` | This instructs the exporter to send logs to the OpenTelemetry Collector using HTTP. | | No |
| `log.otlp.http.endpoint` | The endpoint of the OpenTelemetry Collector. (format=`://:`) | `https://localhost:4318/v1/logs` | No |
| | Additional headers sent with logs by the exporter to the OpenTelemetry Collector. | [ ] | No |
@@ -121,6 +121,22 @@ log:
| `log.otlp.grpc.tls.key` | The path to the key to use for the OpenTelemetry Collector. | | No |
| `log.otlp.grpc.tls.insecureSkipVerify` | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false | No |
+#### resourceAttributes
+
+The `resourceAttributes` option allows setting the resource attributes sent along the traces.
+Traefik also supports the `OTEL_RESOURCE_ATTRIBUTES` env variable to set up the resource attributes.
+
+!!! info "Kubernetes Resource Attributes Detection"
+
+ Additionally, Traefik automatically discovers the following [Kubernetes resource attributes](https://opentelemetry.io/docs/specs/semconv/non-normative/k8s-attributes/) when running in a Kubernetes cluster:
+
+ - `k8s.namespace.name`
+ - `k8s.pod.uid`
+ - `k8s.pod.name`
+
+ Note that this automatic detection can fail, like if the Traefik pod is running in host network mode.
+ In this case, you should provide the attributes with the option or the env variable.
+
## AccessLogs
Access logs concern everything that happens to the requests handled by Traefik.
@@ -263,7 +279,7 @@ accesslog:
| Field | Description | Default | Required |
|:---------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------|:---------|
| `accesslog.otlp.serviceName` | Defines the service name resource attribute. | "traefik" | No |
-| `accesslog.otlp.resourceAttributes` | Defines additional resource attributes to be sent to the collector. | [] | No |
+| `accesslog.otlp.resourceAttributes` | Defines additional resource attributes to be sent to the collector. See [resourceAttributes](#resourceattributes_1) for details. | [] | No |
| `accesslog.otlp.http` | This instructs the exporter to send access logs to the OpenTelemetry Collector using HTTP. | | No |
| `accesslog.otlp.http.endpoint` | The endpoint of the OpenTelemetry Collector. (format=`://:`) | `https://localhost:4318/v1/logs` | No |
| | Additional headers sent with access logs by the exporter to the OpenTelemetry Collector. | [ ] | No |
@@ -282,6 +298,22 @@ accesslog:
| `accesslog.otlp.grpc.tls.key` | The path to the key to use for the OpenTelemetry Collector. | | No |
| `accesslog.otlp.grpc.tls.insecureSkipVerify` | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false | No |
+#### resourceAttributes
+
+The `resourceAttributes` option allows setting the resource attributes sent along the traces.
+Traefik also supports the `OTEL_RESOURCE_ATTRIBUTES` env variable to set up the resource attributes.
+
+!!! info "Kubernetes Resource Attributes Detection"
+
+ Additionally, Traefik automatically discovers the following [Kubernetes resource attributes](https://opentelemetry.io/docs/specs/semconv/non-normative/k8s-attributes/) when running in a Kubernetes cluster:
+
+ - `k8s.namespace.name`
+ - `k8s.pod.uid`
+ - `k8s.pod.name`
+
+ Note that this automatic detection can fail, like if the Traefik pod is running in host network mode.
+ In this case, you should provide the attributes with the option or the env variable.
+
### Traefik CLF format fields
It's the default format provided by Traefik.
diff --git a/docs/content/reference/install-configuration/observability/metrics.md b/docs/content/reference/install-configuration/observability/metrics.md
index 23ecb2cc9..595fb9892 100644
--- a/docs/content/reference/install-configuration/observability/metrics.md
+++ b/docs/content/reference/install-configuration/observability/metrics.md
@@ -64,7 +64,7 @@ metrics:
|:-------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------|:---------|
| `metrics.addInternals` | Enables metrics for internal resources (e.g.: `ping@internal`). | false | No |
| `metrics.otlp.serviceName` | Defines the service name resource attribute. | "traefik" | No |
-| `metrics.otlp.resourceAttributes` | Defines additional resource attributes to be sent to the collector. | [] | No |
+| `metrics.otlp.resourceAttributes` | Defines additional resource attributes to be sent to the collector. See [resourceAttributes](#resourceattributes) for details. | [] | No |
| `metrics.otlp.addEntryPointsLabels` | Enable metrics on entry points. | true | No |
| `metrics.otlp.addRoutersLabels` | Enable metrics on routers. | false | No |
| `metrics.otlp.addServicesLabels` | Enable metrics on services. | true | No |
@@ -86,6 +86,22 @@ metrics:
| `metrics.otlp.grpc.tls.key` | This instructs the exporter to send the metrics to the OpenTelemetry Collector using HTTP.
Setting the sub-options with their default values. | null/false | No |
| `metrics.otlp.grpc.tls.insecureskipverify` | Allow the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers. | false | Yes |
+### resourceAttributes
+
+The `resourceAttributes` option allows setting the resource attributes sent along the traces.
+Traefik also supports the `OTEL_RESOURCE_ATTRIBUTES` env variable to set up the resource attributes.
+
+!!! info "Kubernetes Resource Attributes Detection"
+
+ Additionally, Traefik automatically discovers the following [Kubernetes resource attributes](https://opentelemetry.io/docs/specs/semconv/non-normative/k8s-attributes/) when running in a Kubernetes cluster:
+
+ - `k8s.namespace.name`
+ - `k8s.pod.uid`
+ - `k8s.pod.name`
+
+ Note that this automatic detection can fail, like if the Traefik pod is running in host network mode.
+ In this case, you should provide the attributes with the option or the env variable.
+
## Vendors
### Datadog
diff --git a/docs/content/reference/install-configuration/observability/tracing.md b/docs/content/reference/install-configuration/observability/tracing.md
index be2c499a9..c3748e5f1 100644
--- a/docs/content/reference/install-configuration/observability/tracing.md
+++ b/docs/content/reference/install-configuration/observability/tracing.md
@@ -36,27 +36,43 @@ tracing: {}
## Configuration Options
-| Field | Description | Default | Required |
-|:-------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------|:---------|
-| `tracing.addInternals` | Enables tracing for internal resources (e.g.: `ping@internal`). | false | No |
-| `tracing.serviceName` | Defines the service name resource attribute. | "traefik" | No |
-| `tracing.resourceAttributes` | Defines additional resource attributes to be sent to the collector. | [] | No |
-| `tracing.sampleRate` | The proportion of requests to trace, specified between 0.0 and 1.0. | 1.0 | No |
-| | Defines the list of request headers to add as attributes.
It applies to client and server kind spans. | [] | No |
-| | Defines the list of response headers to add as attributes.
It applies to client and server kind spans. | [] | False |
-| `tracing.safeQueryParams` | By default, all query parameters are redacted.
Defines the list of query parameters to not redact. | [] | No |
-| `tracing.otlp.http` | This instructs the exporter to send the tracing to the OpenTelemetry Collector using HTTP.
Setting the sub-options with their default values. | null/false | No |
+| Field | Description | Default | Required |
+|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------|:---------|
+| `tracing.addInternals` | Enables tracing for internal resources (e.g.: `ping@internal`). | false | No |
+| `tracing.serviceName` | Defines the service name resource attribute. | "traefik" | No |
+| `tracing.resourceAttributes` | Defines additional resource attributes to be sent to the collector. See [resourceAttributes](#resourceattributes) for details. | [] | No |
+| `tracing.sampleRate` | The proportion of requests to trace, specified between 0.0 and 1.0. | 1.0 | No |
+| | Defines the list of request headers to add as attributes.
It applies to client and server kind spans. | [] | No |
+| | Defines the list of response headers to add as attributes.
It applies to client and server kind spans. | [] | False |
+| `tracing.safeQueryParams` | By default, all query parameters are redacted.
Defines the list of query parameters to not redact. | [] | No |
+| `tracing.otlp.http` | This instructs the exporter to send the tracing to the OpenTelemetry Collector using HTTP.
Setting the sub-options with their default values. | null/false | No |
| `tracing.otlp.http.endpoint` | URL of the OpenTelemetry Collector to send tracing to.
Format="`://:`" | "https://localhost:4318/v1/tracing" | Yes |
-| | Additional headers sent with tracing by the exporter to the OpenTelemetry Collector. | | No |
-| `tracing.otlp.http.tls.ca` | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | "" | No |
-| `tracing.otlp.http.tls.cert` | Path to the public certificate used for the secure connection to the OpenTelemetry Collector. When using this option, setting the `key` option is required. | "" | No |
-| `tracing.otlp.http.tls.key` | This instructs the exporter to send the tracing to the OpenTelemetry Collector using HTTP.
Setting the sub-options with their default values. | ""null/false "" | No |
-| `tracing.otlp.http.tls.insecureskipverify` | If `insecureSkipVerify` is `true`, the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers. | false | Yes |
-| `tracing.otlp.grpc` | This instructs the exporter to send tracing to the OpenTelemetry Collector using gRPC. | false | No |
-| `tracing.otlp.grpc.endpoint` | Address of the OpenTelemetry Collector to send tracing to.
Format="`:`" | "localhost:4317" | Yes |
-| | Additional headers sent with tracing by the exporter to the OpenTelemetry Collector. | [] | No |
-| `tracing.otlp.grpc.insecure` | Allows exporter to send tracing to the OpenTelemetry Collector without using a secured protocol. | false | Yes |
-| `tracing.otlp.grpc.tls.ca` | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | "" | No |
-| `tracing.otlp.grpc.tls.cert` | Path to the public certificate used for the secure connection to the OpenTelemetry Collector. When using this option, setting the `key` option is required. | "" | No |
-| `tracing.otlp.grpc.tls.key` | This instructs the exporter to send the tracing to the OpenTelemetry Collector using HTTP.
Setting the sub-options with their default values. | ""null/false "" | No |
-| `tracing.otlp.grpc.tls.insecureskipverify` | If `insecureSkipVerify` is `true`, the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers. | false | Yes |
+| | Additional headers sent with tracing by the exporter to the OpenTelemetry Collector. | | No |
+| `tracing.otlp.http.tls.ca` | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | "" | No |
+| `tracing.otlp.http.tls.cert` | Path to the public certificate used for the secure connection to the OpenTelemetry Collector. When using this option, setting the `key` option is required. | "" | No |
+| `tracing.otlp.http.tls.key` | This instructs the exporter to send the tracing to the OpenTelemetry Collector using HTTP.
Setting the sub-options with their default values. | ""null/false "" | No |
+| `tracing.otlp.http.tls.insecureskipverify` | If `insecureSkipVerify` is `true`, the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers. | false | Yes |
+| `tracing.otlp.grpc` | This instructs the exporter to send tracing to the OpenTelemetry Collector using gRPC. | false | No |
+| `tracing.otlp.grpc.endpoint` | Address of the OpenTelemetry Collector to send tracing to.
Format="`:`" | "localhost:4317" | Yes |
+| | Additional headers sent with tracing by the exporter to the OpenTelemetry Collector. | [] | No |
+| `tracing.otlp.grpc.insecure` | Allows exporter to send tracing to the OpenTelemetry Collector without using a secured protocol. | false | Yes |
+| `tracing.otlp.grpc.tls.ca` | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | "" | No |
+| `tracing.otlp.grpc.tls.cert` | Path to the public certificate used for the secure connection to the OpenTelemetry Collector. When using this option, setting the `key` option is required. | "" | No |
+| `tracing.otlp.grpc.tls.key` | This instructs the exporter to send the tracing to the OpenTelemetry Collector using HTTP.
Setting the sub-options with their default values. | ""null/false "" | No |
+| `tracing.otlp.grpc.tls.insecureskipverify` | If `insecureSkipVerify` is `true`, the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers. | false | Yes |
+
+## resourceAttributes
+
+The `resourceAttributes` option allows setting the resource attributes sent along the traces.
+Traefik also supports the `OTEL_RESOURCE_ATTRIBUTES` env variable to set up the resource attributes.
+
+!!! info "Kubernetes Resource Attributes Detection"
+
+ Additionally, Traefik automatically discovers the following [Kubernetes resource attributes](https://opentelemetry.io/docs/specs/semconv/non-normative/k8s-attributes/) when running in a Kubernetes cluster:
+
+ - `k8s.namespace.name`
+ - `k8s.pod.uid`
+ - `k8s.pod.name`
+
+ Note that this automatic detection can fail, like if the Traefik pod is running in host network mode.
+ In this case, you should provide the attributes with the option or the env variable.
diff --git a/pkg/types/k8sdetector.go b/pkg/types/k8sdetector.go
index a095f2e49..3031783ee 100644
--- a/pkg/types/k8sdetector.go
+++ b/pkg/types/k8sdetector.go
@@ -53,7 +53,7 @@ func (K8sAttributesDetector) Detect(ctx context.Context) (*resource.Resource, er
podNamespace := string(podNamespaceBytes)
pod, err := client.CoreV1().Pods(podNamespace).Get(ctx, podName, metav1.GetOptions{})
- if err != nil && kerror.IsForbidden(err) {
+ if err != nil && (kerror.IsForbidden(err) || kerror.IsNotFound(err)) {
log.Error().Err(err).Msg("Unable to build K8s resource attributes for Traefik pod")
return resource.Empty(), nil
}