conntrack-fixer: don't listen to 8080

Otherwise, we take port from Traefik. Also, this makes the healthcheck ineffective. Maybe there is a way to escape from the network namespace we are put in just for conntrack, but I don't see exactly how without doing complicated stuff (like using Docker to spawn a process inside the host namespace and communicate with it, or even steal the namespace from it, this seems overkill).
akvorado · Aug 5, 2022 · 2337b1c · 2337b1c
1 parent e01f719
commit 2337b1c
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/cmd/conntrack-fixer.go b/cmd/conntrack-fixer.go
@@ -32,7 +32,9 @@ containers started with the label "akvorado.conntrack.fix=1".`,
 		if err != nil {
 			return fmt.Errorf("unable to initialize daemon component: %w", err)
 		}
-		httpComponent, err := http.New(r, http.DefaultConfiguration(), http.Dependencies{
+		httpConfiguration := http.DefaultConfiguration()
+		httpConfiguration.Listen = "127.0.0.1:0" // Run inside host network namespace, can't use 8080
+		httpComponent, err := http.New(r, httpConfiguration, http.Dependencies{
 			Daemon: daemonComponent,
 		})
 		if err != nil {

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -110,6 +110,8 @@ services:
     command: conntrack-fixer
     restart: unless-stopped
     network_mode: host
+    healthcheck:
+      disable: true
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
   # Remove the following exporters if you don't want to get demo data.