OpenTelemetry¶
Traefik Proxy follows official OpenTelemetry semantic conventions v1.26.0.
To enable the OpenTelemetry tracer:
tracing:
otlp: {}[tracing]
[tracing.otlp]--tracing.otlp=trueDefault protocol
The OpenTelemetry trace exporter will export traces to the collector using HTTP by default to https://localhost:4318/v1/traces, see the gRPC Section to use gRPC.
Trace sampling
By default, the OpenTelemetry trace exporter will sample 100% of traces.
See OpenTelemetry's SDK configuration to customize the sampling strategy.
Propagation
Traefik supports the OTEL_PROPAGATORS env variable to set up the propragators. The supported propagators are:
- tracecontext (default)
- baggage (default)
- b3
- b3multi
- jaeger
- xray
- ottrace
Example of configuration:
OTEL_PROPAGATORS=b3,jaeger
HTTP configuration¶
Optional
This instructs the exporter to send spans to the OpenTelemetry Collector using HTTP.
tracing:
otlp:
http: {}[tracing]
[tracing.otlp.http]--tracing.otlp.http=trueendpoint¶
Required, Default="http://localhost:4318/v1/traces", Format="<scheme>://<host>:<port><path>"
URL of the OpenTelemetry Collector to send spans to.
tracing:
otlp:
http:
endpoint: http://localhost:4318/v1/traces[tracing]
[tracing.otlp.http]
endpoint = "http://localhost:4318/v1/traces"--tracing.otlp.http.endpoint=http://localhost:4318/v1/tracesheaders¶
Optional, Default={}
Additional headers sent with traces by the exporter to the OpenTelemetry Collector.
tracing:
otlp:
http:
headers:
foo: bar
baz: buz[tracing]
[tracing.otlp.http.headers]
foo = "bar"
baz = "buz"--tracing.otlp.http.headers.foo=bar --tracing.otlp.http.headers.baz=buztls¶
Optional
Defines the Client TLS configuration used by the exporter to send spans to the OpenTelemetry Collector.
ca¶
Optional
ca is the path to the certificate authority used for the secure connection to the OpenTelemetry Collector,
it defaults to the system bundle.
tracing:
otlp:
http:
tls:
ca: path/to/ca.crt[tracing.otlp.http.tls]
ca = "path/to/ca.crt"--tracing.otlp.http.tls.ca=path/to/ca.crtcert¶
Optional
cert is the path to the public certificate used for the secure connection to the OpenTelemetry Collector.
When using this option, setting the key option is required.
tracing:
otlp:
http:
tls:
cert: path/to/foo.cert
key: path/to/foo.key[tracing.otlp.http.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"--tracing.otlp.http.tls.cert=path/to/foo.cert
--tracing.otlp.http.tls.key=path/to/foo.keykey¶
Optional
key is the path to the private key used for the secure connection to the OpenTelemetry Collector.
When using this option, setting the cert option is required.
tracing:
otlp:
http:
tls:
cert: path/to/foo.cert
key: path/to/foo.key[tracing.otlp.http.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"--tracing.otlp.http.tls.cert=path/to/foo.cert
--tracing.otlp.http.tls.key=path/to/foo.keyinsecureSkipVerify¶
Optional, Default=false
If insecureSkipVerify is true,
the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers.
tracing:
otlp:
http:
tls:
insecureSkipVerify: true[tracing.otlp.http.tls]
insecureSkipVerify = true--tracing.otlp.http.tls.insecureSkipVerify=truegRPC configuration¶
Optional
This instructs the exporter to send spans to the OpenTelemetry Collector using gRPC.
tracing:
otlp:
grpc: {}[tracing]
[tracing.otlp.grpc]--tracing.otlp.grpc=trueendpoint¶
Required, Default="localhost:4317", Format="<host>:<port>"
Address of the OpenTelemetry Collector to send spans to.
tracing:
otlp:
grpc:
endpoint: localhost:4317[tracing]
[tracing.otlp.grpc]
endpoint = "localhost:4317"--tracing.otlp.grpc.endpoint=localhost:4317insecure¶
Optional, Default=false
Allows exporter to send spans to the OpenTelemetry Collector without using a secured protocol.
tracing:
otlp:
grpc:
insecure: true[tracing]
[tracing.otlp.grpc]
insecure = true--tracing.otlp.grpc.insecure=trueheaders¶
Optional, Default={}
Additional headers sent with traces by the exporter to the OpenTelemetry Collector.
tracing:
otlp:
grpc:
headers:
foo: bar
baz: buz[tracing]
[tracing.otlp.grpc.headers]
foo = "bar"
baz = "buz"--tracing.otlp.grpc.headers.foo=bar --tracing.otlp.grpc.headers.baz=buztls¶
Optional
Defines the Client TLS configuration used by the exporter to send spans to the OpenTelemetry Collector.
ca¶
Optional
ca is the path to the certificate authority used for the secure connection to the OpenTelemetry Collector,
it defaults to the system bundle.
tracing:
otlp:
grpc:
tls:
ca: path/to/ca.crt[tracing.otlp.grpc.tls]
ca = "path/to/ca.crt"--tracing.otlp.grpc.tls.ca=path/to/ca.crtcert¶
Optional
cert is the path to the public certificate used for the secure connection to the OpenTelemetry Collector.
When using this option, setting the key option is required.
tracing:
otlp:
grpc:
tls:
cert: path/to/foo.cert
key: path/to/foo.key[tracing.otlp.grpc.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"--tracing.otlp.grpc.tls.cert=path/to/foo.cert
--tracing.otlp.grpc.tls.key=path/to/foo.keykey¶
Optional
key is the path to the private key used for the secure connection to the OpenTelemetry Collector.
When using this option, setting the cert option is required.
tracing:
otlp:
grpc:
tls:
cert: path/to/foo.cert
key: path/to/foo.key[tracing.otlp.grpc.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"--tracing.otlp.grpc.tls.cert=path/to/foo.cert
--tracing.otlp.grpc.tls.key=path/to/foo.keyinsecureSkipVerify¶
Optional, Default=false
If insecureSkipVerify is true,
the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers.
tracing:
otlp:
grpc:
tls:
insecureSkipVerify: true[tracing.otlp.grpc.tls]
insecureSkipVerify = true--tracing.otlp.grpc.tls.insecureSkipVerify=true