Skip to content

Performance improvements and host network issue fixes #16

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

Performance improvements and host network issue fixes #16

wants to merge 9 commits into from

Conversation

@OXERY
Copy link

@OXERY OXERY commented Aug 19, 2025

Came across the PR #12 today and updated it with a few performance optimizations.
The script now doesn't loop through all Docker events anymore, as this uses pretty much one CPU core on larger systems. Filters for relevant events and the monitoredLabel exist, so that only events relevant for this tool are subscribed, including the stop event, @mbrodala introduced in his PR.
Also, this fixes #13 as from now on, connecting traefik to the network host is forbidden. (Could be made configurable, but I think connecting traefik to network_mode: host should be a manual action either way.)

mbrodala and others added 5 commits June 27, 2025 09:35
@mbrodala
fix(main): disconnect networks early on "stop"
0707976 
This reduces the chance of having dangling networks left. This can happen if all services are removed from a network and the network is automatically removed as is the case with e.g. "docker compose down". If Traefik does not leave a network quickly enough, the network is left unchanged because it is still "in use".
@OXERY
Merge pull request #1 from mbrodala/patch-1
ffc75c5 
fix(main): disconnect networks early on "stop"
Performance optimizations
aad7b99
Disallow host network connections
9a371cd
Removed unnecessary regex check
a260b1b
@mbrodala
Copy link
Contributor

mbrodala commented Sep 3, 2025

@OXERY Can you publish a custom Docker image for easier testing?

@obeone Can you also have a look at this? Personally I experience a freezes in my UI from time and see the connector entrypoint using the CPU considerably.

@AlexT59
Copy link

AlexT59 commented Sep 23, 2025

This PR seems very good to me and significantly reduces CPU consumption (from ~5% to 0% when idle).

@OXERY
Copy link
Author

OXERY commented Sep 24, 2025

@OXERY Can you publish a custom Docker image for easier testing?

@obeone Can you also have a look at this? Personally I experience a freezes in my UI from time and see the connector entrypoint using the CPU considerably.

Sorry wasn't notified about this @mbrodala - there is already an image present: https://github.com/OXERY/traefik_network_connector/pkgs/container/traefik_network_connector

@mbrodala
Copy link
Contributor

mbrodala commented Sep 25, 2025

@OXERY Maybe I'm missing something but how can one use this image? No matter what I try, I don't get a valid image name format. 🤔

@OXERY
Copy link
Author

OXERY commented Sep 25, 2025
edited
Loading

@mbrodala Does pulling fail?

$ docker pull ghcr.io/oxery/traefik_network_connector
Using default tag: latest
latest: Pulling from oxery/traefik_network_connector
9a6263cdeaa5: Already exists 
3cd5add3ba33: Pull complete 
7b5dfa58994b: Pull complete 
36d983c178a0: Pull complete 
d8cd15c64fdd: Pull complete 
034fc0e69898: Pull complete 
81dcc49f9c60: Pull complete 
e920d58f2049: Pull complete 
Digest: sha256:f61df4e34838fa3456dd9e87cfa8b3e029997d38e2bd9b5557911d401f578d34
Status: Downloaded newer image for ghcr.io/oxery/traefik_network_connector:latest
ghcr.io/oxery/traefik_network_connector:latest

@mbrodala
Copy link
Contributor

mbrodala commented Sep 25, 2025
edited
Loading

Works this way, seems like trying to get an image name including SHA-checksum didn't work out. This is what I wanted:

ghcr.io/oxery/traefik_network_connector:latest@sha256:f61df4e34838fa3456dd9e87cfa8b3e029997d38e2bd9b5557911d401f578d34

@mbrodala
Copy link
Contributor

mbrodala commented Sep 25, 2025

In any case it looks very well at the first sight. The latest version causes CPU spikes of ~15% every 2 seconds. Your version is basically at 0% all the time. :-)

@OXERY
Copy link
Author

OXERY commented Sep 25, 2025

@mbrodala Nice you got it working! The black magic of cpu usage basically is: subscribe only to Docker topics you need 😊

@obeone
Copy link
Owner

obeone commented Sep 25, 2025

Hi,

I'm deeply sorry, I try to review this PR as soon as possible

@AlexT59
Copy link

AlexT59 commented Sep 27, 2025
edited
Loading

It seems that the monitoredLabel provided in the configuration is not used in the function connect_to_all_relevant_networks. Same for disconnect_traefik_from_network. Maybe we can solve this bug with this PR too ?

@OXERY
Copy link
Author

OXERY commented Sep 27, 2025

@AlexT59 imho, I don't even think you'd need to make monitoredLabel configurable - but as I'm not the author of the project, I didn't want to interfer with the general logic.

What is the benefit of the config variable monitoredLabel now that this PR simply does the same string comparison as the rest of the code?

@AlexT59
Copy link

AlexT59 commented Sep 27, 2025
edited
Loading

No problem, I can create a separate PR if you want, as it is already configurable but is not used everywhere.

I'm using the Sablier middleware, and it requires configuring Traefik using dynamic files rather than Docker labels.

So I can't use the "traefik.enable" label, as that would create a new service. To work around this while still attaching the container's network to Traefik, I use the "traefik.connect" label (which is not recognised by Traefik).

@OXERY
Copy link
Author

OXERY commented Sep 28, 2025

Hi @AlexT59, that sounds useful, indeed :) Also Sablier looks interesting - will put it on my Todo 👍
I'll see if I can update this PR shortly, also regarding the Merge Conflicts

@OXERY
Copy link
Author

OXERY commented Sep 28, 2025

Ok should be done & therefore ready 4 review by @obeone :)

@obeone
Copy link
Owner

obeone commented Sep 28, 2025

@OXERY   Wait, actually I'm working on another version that's kind of in between. I'll submit it for your review. You can tell me what you think.

@AlexT59
Copy link

AlexT59 commented Sep 28, 2025

@OXERY Thanks for the quick update, but I think you forgot to update the config.py file to load the new monitoredLabelCondition field from the configuration.

@OXERY
Copy link
Author

OXERY commented Sep 28, 2025

@AlexT59 My bad - shouldn't code without enough caffeine. Fixed hopefully (TM)

obeone pushed a commit that referenced this pull request Nov 18, 2025
@claude
fix(core): improve PR #16 with bug fixes and security enhancements
36d1a42 
This commit addresses several issues found during PR #16 analysis:

1. Fix cache management bug: Replace `del` with `pop()` to prevent
   KeyError when processing sequential stop/die events on same container

2. Add explicit security warning: Log warning message when attempting
   to connect to 'host' network, improving visibility of security blocks

3. Add configuration validation: Validate monitoredLabel and
   monitoredLabelCondition are not empty at startup to fail fast

These changes improve robustness and security of the PR #16 implementation.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Ignore host network

4 participants

@OXERY @mbrodala @AlexT59 @obeone