why does docker.sock need to be mounted

[xdewx]

As far as I know, it is very dangerous to mount docker.sock inside the container, so why does this container need to mount docker.sock?

[vmaurin]

The reason is here https://github.com/wurstmeister/kafka-docker/wiki#why-is-varrundockersock-needed

The advertised port (and host) is part of Kafka protocol, when you connect to a bootstrap server with a client to get all the brokers address and ports. A docker version of Kafka will have to handle this if it is supposed to be available from the host point of view. As far as I known (and I am stucked to from my own images) there are only two ways :

• the port is fixed from outside the container, then passed as var env. Then you don't need to mount the docker socket, nor installing docker inside the container, but on the other end, you let the user of this image to find a way to statically or dynamically pick the host port
• the host port is read by the container with the socket + the docker in docker trick

I would love that you can tell docker compose to send the ephemeral port to the inside container, but it doesn't seem to be the case