Docker swarm mode doesn't seem to work

[RomRider]

Context:

• 3 nodes cluster
• traefik using ingress, running only 1 instance

The service is deployed and it's working as expected for containers running on the same node as traefik, but not the others.
docker ps --filter doesn't find anything on other nodes which is expected.

Results: Containers running on nodes where traefik is not running can still talk to each other. Not sure how this can be fixed ?

Some logs:

• logs from trafficjam service from the one running on the same node as traefik:

  [2025-02-11 21:54:18] DEBUG: Network driver of traefik-backend is overlay
  [2025-02-11 21:54:18] DEBUG: Subnet of traefik-backend is 172.XXX.YYY.0/24
  [2025-02-11 21:54:18] DEBUG: Whitelisted containers: b58a348d31f2
  [2025-02-11 21:54:18] DEBUG: Whitelisted container IPs: 172.XXX.YYY.14
  [2025-02-11 21:54:18] DEBUG: ID of network traefik-backend is wmncs9gn0pqsnd447cm2mt3ot
  [2025-02-11 21:54:18] DEBUG: Network namespace of traefik-backend (ID: wmncs9gn0pqsnd447cm2mt3ot) is /var/run/netns/1-wmncs9gn0p
  [2025-02-11 21:54:18] DEBUG: Load balancer IP of traefik-backend is 172.XXX.YYY.8
  [2025-02-11 21:54:18] DEBUG: Error Count: 0
  

• Logs from trafficjam service from the ones not running

  [2025-02-11 21:43:49] DEBUG: Network driver of traefik-backend is overlay
  [2025-02-11 21:43:49] DEBUG: Subnet of traefik-backend is 172.XXX.YYY.0/24
  [2025-02-11 21:43:49] ERROR: Unexpected error while getting whitelist container IDs: 
  [2025-02-11 21:43:49] DEBUG: Error Count: 23
  

[kaysond]

What version of docker are you running? If you do docker ps --filter on a node without traefik, what's the exit code? It seems like it's exiting non-zero because it's not finding anything to match the filter.

[RomRider]

Thanks !

I'm running

Docker version 27.5.1, build 9f9e405

And it doesn't exit 1, but 0

ansible@swarm03:~$ docker ps --filter label=foo=bar
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
ansible@swarm03:~$ echo $?
0

docker-compose, in case...

  traefik:
    image: traefik:latest
    healthcheck:
      test: [ "CMD-SHELL", "traefik healthcheck" ]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: ingress
      - target: 443
        published: 443
        protocol: tcp
        mode: ingress
    deploy:
      labels:
        - "trafficjam.proxy.container=true"
    labels:
      - "trafficjam.proxy.container=true"
    depends_on:
      - docker-socket-proxy
    networks:
      - default
      - traefik-backend
    volumes:
      - ${SHARED_DIR}/traefik/traefik.yml:/traefik.yml:ro
      - ${SHARED_DIR}/traefik/config:/config:ro
      - acme:/acme

    env_file: traefik.env

  trafficjam:
    image: kaysond/trafficjam
    networks:
      - default
    depends_on:
      - traefik
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      NETWORK: traefik-backend
      WHITELIST_FILTER: label=trafficjam.proxy.container=true
      SWARM_DAEMON: "true"
      TZ: Europe/Paris
      DEBUG: 1
    deploy:
      replicas: 1
      placement:
        constraints: ['node.role==manager']

[RomRider]

It seems like it's exiting non-zero because it's not finding anything to match the filter.

This line will always trigger the error if there's no traefik container running on the node, even with a 0 exit code.

[kaysond]

It seems like it's exiting non-zero because it's not finding anything to match the filter.

This line will always trigger the error if there's no traefik container running on the node, even with a 0 exit code.

Ah yeah I didn't catch the end of the line there. I think I was trying to protect against inadvertently empty output despite a zero exit code but obviously there are valid scenarios with zero exit code and empty output. Should be an easy fix