Closed
Description
Expected result
Associate and enrich ResourceProfile.Attribute with additional k8s information based on container.id.
Component(s)
processor/k8sattributes
What happened?
Using the container ID starting with 581f3ac4 as an example.
This container ID is known by kubectl:
$ kubectl get pods --all-namespaces -o jsonpath='{range .items[*]}{range .status.containerStatuses[*]}{.containerID}{"\n"}{end}{end}' | grep 581f3ac4745d68495d71651b76e5ff19f42be92323c25d9281120d3594931a88
containerd://581f3ac4745d68495d71651b76e5ff19f42be92323c25d9281120d3594931a88
From debug logs of k8sattributes one can also tell, that it was detected in some way:
2025-06-16T14:09:37.044163599Z 2025-06-16T14:09:37.044Z debug k8sattributesprocessor@v0.128.0/processor.go:143 evaluating pod identifier {"resource": {"service.instance.id": "851203be-4a32-4115-aa09-bb73bfe7e1d8", "service.name": "otelcol-ebpf-profiler", "service.version": "0.128.0"}, "otelcol.component.id": "k8sattributes", "otelcol.component.kind": "processor", "otelcol.pipeline.id": "profiles", "otelcol.signal": "profiles", "value": [{"Source":{"From":"resource_attribute","Name":"container.id"},"Value":"581f3ac4745d68495d71651b76e5ff19f42be92323c25d9281120d3594931a88"},{"Source":{"From":"","Name":""},"Value":""},{"Source":{"From":"","Name":""},"Value":""},{"Source":{"From":"","Name":""},"Value":""}]}
But looking at the debug output of the exporter, resource attributes were not enriched based on the container.id:
[..]
2025-06-16T14:09:37.081041887Z ResourceProfiles #3
2025-06-16T14:09:37.081046047Z Resource SchemaURL: https://opentelemetry.io/schemas/1.6.1
2025-06-16T14:09:37.081047762Z Resource attributes:
2025-06-16T14:09:37.081049321Z -> container.id: Str(581f3ac4745d68495d71651b76e5ff19f42be92323c25d9281120d3594931a88)
2025-06-16T14:09:37.081050896Z -> host.name: Str(otelcol-profiler-2bgb5)
2025-06-16T14:09:37.081052521Z -> os.type: Str(linux)
2025-06-16T14:09:37.081053973Z ScopeProfiles #0
[..]
Collector version
v0.128.0
Environment information
OpenTelemetry Collector configuration
receivers:
profiling:
SamplesPerSecond: 19
processors:
resourcedetection:
detectors: [ system ]
system:
hostname_sources: [ "os" ]
resource_attributes:
host.id:
enabled: true
host.name:
enabled: true
os.type:
enabled: true
k8sattributes:
auth_type: "serviceAccount"
passthrough: false
filter:
# only retrieve pods running on the same node as the collector
node_from_env_var: KUBERNETES_NODE_NAME
extract:
# The attributes provided in 'metadata' will be added to associated resources
metadata:
- k8s.pod.name
- k8s.pod.uid
- k8s.deployment.name
- k8s.namespace.name
- k8s.node.name
- k8s.pod.start_time
- service.namespace
- service.name
- service.version
- service.instance.id
labels:
# This label extraction rule takes the value 'app.kubernetes.io/component' label and maps it to the 'app.label.component' attribute which will be added to the associated resources
- tag_name: app.label.component
key: app.kubernetes.io/component
from: pod
otel_annotations: true
pod_association:
- sources:
# This rule associates all resources containing the 'container.id' attribute with the matching pods. If this attribute is not present in the resource, this rule will not be able to find the matching pod.
- from: resource_attribute
name: container.id
exporters:
debug:
verbosity: detailed
service:
telemetry:
logs:
level: debug # Set the global logging level to debug
pipelines:
profiles:
receivers: [ profiling ]
processors: [ resourcedetection, k8sattributes ]
exporters: [ debug ]Log output
Additional context
used manifest.yaml
---
apiVersion: v1
kind: Namespace
metadata:
labels:
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged
name: otelcol-profiler
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: otelcol-profiler
namespace: otelcol-profiler
rules:
- apiGroups:
- ""
resources:
- nodes
- pods
- namespaces
- endpoints
- services
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: otelcol-profiler
namespace: otelcol-profiler
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: otelcol-profiler
subjects:
- kind: ServiceAccount
name: otelcol-profiler
namespace: otelcol-profiler
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
namespace: otelcol-profiler
name: otelcol-profiler
spec:
selector:
matchLabels:
app: otelcol-profiler
template:
metadata:
spec:
hostPID: true
containers:
- name: otelcol-profiler
image: flehner/testing:20250616011
securityContext:
procMount: "Unmasked"
privileged: true
capabilities:
add:
- SYS_ADMIN
resources:
limits:
memory: 500Mi
cpu: "2"
requests:
memory: 500Mi
cpu: "2"
env:
- name: KUBERNETES_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: debugfs
mountPath: /sys/kernel/debug
serviceAccountName: otelcol-profiler
volumes:
- name: debugfs
hostPath:
path: /sys/kernel/debug
type: Directory
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: otelcol-profiler
namespace: otelcol-profiler