Labels are ignored
broemp opened this issue · comments
Summary
I am using Labels to just get some Containers DNS entries, but TCC still creates entries for every container with a host rule.
But i can see in the logs that it recognised the label.
Steps to reproduce
Running Container with Traefik V2
Added following Env Variables (but tried default values too):
- TRAEFIK_FILTER_LABEL=public
- TRAEFIK_FILTER=true
What is the expected correct behavior?
TCC should only create DNS Entries for Container with the label public=true
Relevant logs and/or screenshots
2023-04-16T20:05:20+0200 DEBUG 302 | Called check_container_t2 for: <Container: id>
2023-04-16T20:05:20+0200 DEBUG 413 | Container List Discovery Loop
2023-04-16T20:05:20+0200 DEBUG 302 | Called check_container_t2 for: <Container: id>
2023-04-16T20:05:20+0200 DEBUG 312 | Found Container ID {id} with matching label public with value true
...
2023-04-16T20:05:20+0200 DEBUG 362 | Traefik Router Name: container@docker rule value: Host(`censored.domain.com`)
2023-04-16T20:05:20+0200 DEBUG 364 | Traefik Router Name: container@docker extracted domains from rule: ['censored.domain.com']
2023-04-16T20:05:20+0200 INFO 380 | Found Traefik Router Name: container@docker with Hostname censored.domain.com
2023-04-16T20:05:20+0200 DEBUG 362 | Traefik Router Name: api@docker rule value: Host(`traefik.domain.com`)
2023-04-16T20:05:20+0200 DEBUG 364 | Traefik Router Name: api@docker extracted domains from rule: ['traefik.domain.com']
2023-04-16T20:05:20+0200 INFO 380 | Found Traefik Router Name: api@docker with Hostname traefik.domain.com
...
2023-04-16T20:05:21+0200 INFO 187 | DRY-RUN: POST to Cloudflare *********************:, {'type': 'CNAME', 'name': 'censored.domain.com', 'content': 'domain.com', 'ttl': '1', 'proxied': True}
2023-04-16T20:05:21+0200 INFO 190 | Created new record: censored.domain.com to point to domain.com
2023-04-16T20:05:22+0200 INFO 187 | DRY-RUN: POST to Cloudflare *********************:, {'type': 'CNAME', 'name': 'traefik.domain.com', 'content': 'domain.com', 'ttl': '1', 'proxied': True}
2023-04-16T20:05:22+0200 INFO 190 | Created new record: traefik.domain.com to point to domain.com
Environment
- Image version / tag: 7.1.0/latest
- Host OS: Unraid
I tried to exclude all containers or to not include any and only have the label active, but it didn't work.
ENV
TRAEFIK_VERSION=2
DOMAIN1_PROXIED=true
ENABLE_TRAEFIK_POLL=true
TRAEFIK_POLL_URL=http://traefik:8080
DRY_RUN=true
REFRESH_ENTRIES=true
DOCKER_HOST=tcp://dockersocket-read:2375
TRAEFIK_FILTER_LABEL=public
TRAEFIK_FILTER=true
Looks like you have a couple potentially conflicting options set. Docker Host and Traefik Poll are two different tracks of fetching labels - Can you try with ENABLE_TRAEFIK_POLL=false and see if any different activity?
I will have to look into it deeper once I have a bit more details.
Thanks for the fast answer!
I set ENABLE_TRAEFIK_POLL=false, and it atleast removed the unwanted containers, but also the containers with the label.
So now no container gets a dns entry, but the logs still show that the label is recognised!
TRAEFIK_FILTER is only used on the docker container/services checks, docker labels cant be grabbed by traefik poll, they might be overriding the docker filtered list
(@tiredofit perhaps change their name to DOCKER_FILTER to reflect that?)
@broemp What are the logs when you disable the traefik polling?
These are the logs after removing traefik polling.
The unwanted containers are gone, but the labeld container doesn't get a dns entry either.
023-04-17.03:05:17 [NOTICE] ** [container-init] Detected Container that has been restarted - Cleaning '/tmp/.container' files
2023-04-17.03:05:17 [NOTICE] ** [monitoring] Container configured for monitoring with 'zabbix modern'
2023-04-17.03:05:17 [STARTING] ** [traefik-cloudflare-companion] [1] Starting Traefik Cloudflare Companion
2023-04-17.03:05:17 [STARTING] ** [monitoring] [1] Starting Zabbix Agent (modern) 6.4.1
2023-04-17T03:05:17+0200 DEBUG 452 | Setting environment variable 'CF_TOKEN' by docker secret 'CF_TOKEN_FILE'.
2023-04-17T03:05:17+0200 DEBUG 452 | Setting environment variable 'DOMAIN1_ZONE_ID' by docker secret 'DOMAIN1_ZONE_ID_FILE'.
2023-04-17T03:05:17+0200 DEBUG 511 | Docker Polling: True
2023-04-17T03:05:17+0200 DEBUG 512 | Swarm Mode: False
2023-04-17T03:05:17+0200 DEBUG 513 | Refresh Entries: True
2023-04-17T03:05:17+0200 DEBUG 514 | Traefik Version: 2
2023-04-17T03:05:17+0200 DEBUG 515 | Default TTL: 1
2023-04-17T03:05:17+0200 DEBUG 518 | API Mode: Scoped
2023-04-17T03:05:17+0200 DEBUG 537 | Traefik Polling Mode: False
2023-04-17T03:05:19+0200 DEBUG 110 | Domain Configuration: {'name': 'domain.com', 'proxied': True, 'zone_id': '*************************', 'ttl': '1', 'target_domain': 'home.domain.com', 'excluded_sub_domains': []}
2023-04-17T03:05:19+0200 DEBUG 133 | Traefik Host Includes: .*
2023-04-17T03:05:19+0200 DEBUG 408 | Starting Initialization Routines
2023-04-17T03:05:19+0200 DEBUG 413 | Container List Discovery Loop
2023-04-17T03:05:19+0200 DEBUG 302 | Called check_container_t2 for: <Container: aae574a8df>
2023-04-17T03:05:19+0200 DEBUG 413 | Container List Discovery Loop
2023-04-17T03:05:19+0200 DEBUG 302 | Called check_container_t2 for: <Container: c163b58de6>
2023-04-17T03:05:19+0200 DEBUG 413 | Container List Discovery Loop
2023-04-17T03:05:19+0200 DEBUG 302 | Called check_container_t2 for: <Container: e48720105f>
2023-04-17T03:05:19+0200 DEBUG 312 | Found Container ID e48720105f92a08c09c59a55e0a0e11be21dc01833fd94e68435337edc85953d with matching label traefik.constraint with value public
2023-04-17T03:05:19+0200 DEBUG 413 | Container List Discovery Loop
2023-04-17T03:05:19+0200 DEBUG 302 | Called check_container_t2 for: <Container: 5a8205d566>
2023-04-17T03:05:19+0200 DEBUG 413 | Container List Discovery Loop
2023-04-17T03:05:19+0200 DEBUG 302 | Called check_container_t2 for: <Container: 4cffc36e60>
2023-04-17T03:05:19+0200 DEBUG 413 | Container List Discovery Loop
2023-04-17T03:05:19+0200 DEBUG 302 | Called check_container_t2 for: <Container: 345f3ddfed>
2023-04-17T03:05:19+0200 DEBUG 413 | Container List Discovery Loop
2023-04-17T03:05:19+0200 DEBUG 302 | Called check_container_t2 for: <Container: d89a5e78a2>
2023-04-17T03:05:19+0200 DEBUG 413 | Container List Discovery Loop
2023-04-17T03:05:19+0200 DEBUG 302 | Called check_container_t2 for: <Container: ad4786a8f3>
2023-04-17T03:05:19+0200 DEBUG 557 | Starting event watch routines
2023-04-17T03:05:19+0200 DEBUG 561 | Time: 1681700719
2023-04-17T03:05:19+0200 DEBUG 302 | Called check_container_t2 for: <Container: 4f88057cb2>
2023-04-17T03:05:19+0200 DEBUG 302 | Called check_container_t2 for: <Container: 0a99f7ba46>
2023-04-17T03:05:19+0200 DEBUG 302 | Called check_container_t2 for: <Container: 5011682cc6>
2023-04-17T03:05:20+0200 DEBUG 302 | Called check_container_t2 for: <Container: eea854fc42>
2023-04-17T03:05:20+0200 DEBUG 302 | Called check_container_t2 for: <Container: 66947231d7>
2023-04-17T03:05:21+0200 DEBUG 302 | Called check_container_t2 for: <Container: 00cda6f2ae>
2023-04-17T03:05:21+0200 DEBUG 302 | Called check_container_t2 for: <Container: 1dc4deb0f3>
2023-04-17T03:05:21+0200 DEBUG 302 | Called check_container_t2 for: <Container: dd53768916>
2023-04-17T03:05:22+0200 DEBUG 302 | Called check_container_t2 for: <Container: 1df21f6866>
2023-04-17T03:05:22+0200 DEBUG 302 | Called check_container_t2 for: <Container: 05b362bfd3>
2023-04-17T03:05:23+0200 DEBUG 302 | Called check_container_t2 for: <Container: 74690b9882>
2023-04-17T03:05:23+0200 DEBUG 302 | Called check_container_t2 for: <Container: 50672d8e9f>
2023-04-17T03:05:23+0200 DEBUG 302 | Called check_container_t2 for: <Container: 856012d673>
2023-04-17T03:05:24+0200 DEBUG 302 | Called check_container_t2 for: <Container: e35730d425>
2023-04-17T03:05:24+0200 DEBUG 302 | Called check_container_t2 for: <Container: 7643def01f>
2023-04-17T03:05:25+0200 DEBUG 302 | Called check_container_t2 for: <Container: 1d4d7dcd6a>
2023-04-17T03:05:25+0200 DEBUG 302 | Called check_container_t2 for: <Container: 8cda661c4a>
2023-04-17T03:05:27+0200 DEBUG 302 | Called check_container_t2 for: <Container: fcb61bf0a2>
2023-04-17T03:05:27+0200 DEBUG 302 | Called check_container_t2 for: <Container: 1d0d2de98e>
2023-04-17T03:05:28+0200 DEBUG 302 | Called check_container_t2 for: <Container: 60c7f60249>
2023-04-17T03:05:28+0200 DEBUG 302 | Called check_container_t2 for: <Container: a28ce0e7a4>
2023-04-17T03:05:28+0200 DEBUG 302 | Called check_container_t2 for: <Container: 4be784349d>
2023-04-17T03:05:29+0200 DEBUG 302 | Called check_container_t2 for: <Container: af8db19ccb>
2023-04-17T03:05:29+0200 DEBUG 302 | Called check_container_t2 for: <Container: ff7274cf09>
2023-04-17T03:05:30+0200 DEBUG 302 | Called check_container_t2 for: <Container: 51bc1ea3b5>
2023-04-17T03:05:31+0200 DEBUG 302 | Called check_container_t2 for: <Container: abbb4908d2>
2023-04-17T03:05:31+0200 DEBUG 302 | Called check_container_t2 for: <Container: a5792cf471>
2023-04-17T03:05:32+0200 DEBUG 302 | Called check_container_t2 for: <Container: f713c02959>
2023-04-17T03:05:33+0200 DEBUG 302 | Called check_container_t2 for: <Container: 3eef06ccca>
2023-04-17T03:05:33+0200 DEBUG 302 | Called check_container_t2 for: <Container: e28387b50c>
2023-04-17T03:05:33+0200 DEBUG 302 | Called check_container_t2 for: <Container: ac96ff4a56>
2023-04-17T03:05:33+0200 DEBUG 302 | Called check_container_t2 for: <Container: 327ed6b56a>
2023-04-17T03:06:18+0200 DEBUG 302 | Called check_container_t2 for: <Container: b03a9887d6>
2023-04-17T03:08:32+0200 DEBUG 302 | Called check_container_t2 for: <Container: 8696233c2d>
2023-04-17T03:08:40+0200 DEBUG 302 | Called check_container_t2 for: <Container: 2d5f614ae2>
2023-04-17T04:01:18+0200 DEBUG 302 | Called check_container_t2 for: <Container: bd6ed81d96>
2023-04-17T05:00:54+0200 DEBUG 302 | Called check_container_t2 for: <Container: dffc537fa1>
2023-04-17T07:02:38+0200 DEBUG 302 | Called check_container_t2 for: <Container: 08772b3e95>
2023-04-17T07:02:41+0200 DEBUG 302 | Called check_container_t2 for: <Container: b48d93188f>
I'm seeing the same behavior where polling is also pulling in containers from docker and not just from file. I'm going to see if I can come up with an exclude regex for now to work around the issue.
Perhaps this line
could add an additional check of contains@file or exclude @docker?