Docker service (registry:2) missing environment variables

While following the instructions for deploying my own custom registry at https://docs.docker.com/v17.09/registry/deploying/, I was able to successfully configure a container using docker run, but when attempting to spin up the registry as a service with docker service create, the passed-in environment variables seem to be missing.


For example, given the docker run command:

docker run -d \
    --restart=always \
    --name registry \
    -v /absolute/path/to/certs:/certs \
    -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
    -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain.pem \
    -e REGISTRY_HTTP_TLS_KEY=/certs/privkey.pem \
    -p 8443:443 \
    registry:2

The logs show that REGISTRY_HTTP_ADDR was successfully set, seeing as I see msg="listening on [::]:443, tls" following the container startup. I can also confirm this with docker exec registry env, which returns:

PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=2a6b8a7ba725
REGISTRY_HTTP_ADDR=0.0.0.0:443
REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain.pem
REGISTRY_HTTP_TLS_KEY=/certs/privkey.pem
HOME=/root

However, when I attempt the docker service create equivalent, I do not have such luck.

docker service create \
    --name registry \
    --secret fullchain.pem \
    --secret privkey.pem \
    --env REGISTRY_HTTP_ADDR=0.0.0.0:443 \
    --env REGISTRY_HTTP_TLS_CERTIFICATE=/run/secrets/fullchain.pem  \
    --env REGISTRY_HTTP_TLS_KEY=/run/secrets/privkey.pem \
    --publish published=8443,target=443,mode=host \
    --replicas 1 \
    --detach=true \
    registry:2

Unfortunately the log shows msg="listening on [::]:5000", which tells me that it didn’t receive any of the env vars.

I can confirm this when executing env within the container running:

PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=fcdbe4efdbb5
HOME=/root

However, when I run docker service inspect registry, I get information telling me that the environment variables should be passed to the containers (omitting some of the output)…

[
    {
        "ID": "ek0vvprm5oj29xokg5vtzh8zb",
        "Version": {
            "Index": 1066
        },
        "CreatedAt": "2019-10-22T03:52:46.381717528Z",
        "UpdatedAt": "2019-10-22T03:52:46.462539158Z",
        "Spec": {
            "Name": "registry",
            "Labels": {},
            "TaskTemplate": {
                "ContainerSpec": {
                    "Image": "registry:2",
                    "Env": [
                        "REGISTRY_HTTP_ADDR=0.0.0.0:443",
                        "REGISTRY_HTTP_TLS_CERTIFICATE=/run/secrets/fullchain.pem",
                        "REGISTRY_HTTP_TLS_KEY=/run/secrets/privkey.pem"
                    ],
                },
          },
     },
]

Does anyone have any ideas on what’s going wrong here?
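
Added example (not part of the original post and not Docker's own tooling): a post-deploy check that compares the Env declared in `docker service inspect` with the container's `env` output and the registry's "listening on" log line, so a silent fallback to plain HTTP on port 5000 is caught. The function names and the sample data are assumptions constructed from the values shown in the post.

```python
import json
import re

# Matches the startup message quoted in the post, with or without ", tls".
LISTEN_RE = re.compile(r'msg="listening on (?P<addr>[^",]+)(?P<tls>, tls)?"')

def parse_listen(log_text):
    """Return (address, tls_enabled) from the last 'listening on' line, or None."""
    found = None
    for m in LISTEN_RE.finditer(log_text):
        found = (m.group("addr"), m.group("tls") is not None)
    return found

def spec_env(inspect_json):
    """Env entries declared in `docker service inspect` output, as a dict."""
    spec = json.loads(inspect_json)[0]["Spec"]["TaskTemplate"]["ContainerSpec"]
    return dict(e.split("=", 1) for e in spec.get("Env") or [])

def container_env(env_output):
    """Parse the output of `env` run inside the container into a dict."""
    return dict(l.split("=", 1) for l in env_output.splitlines() if "=" in l)

def check(inspect_json, env_output, log_text):
    """List every way the running task differs from the declared service spec."""
    want, have = spec_env(inspect_json), container_env(env_output)
    problems = [f"env {k} from spec is missing or different in container"
                for k in want if have.get(k) != want[k]]
    listen = parse_listen(log_text)
    if listen is None:
        problems.append("no 'listening on' line in log")
    else:
        addr, tls = listen
        port = want.get("REGISTRY_HTTP_ADDR", "").rsplit(":", 1)[-1]
        if port and not addr.endswith(":" + port):
            problems.append(f"listening on {addr}, expected port {port}")
        if "REGISTRY_HTTP_TLS_CERTIFICATE" in want and not tls:
            problems.append("TLS configured in spec but listener is plain HTTP")
    return problems

# Constructed sample data built from the values shown in the post.
INSPECT = json.dumps([{"Spec": {"TaskTemplate": {"ContainerSpec": {"Env": [
    "REGISTRY_HTTP_ADDR=0.0.0.0:443",
    "REGISTRY_HTTP_TLS_CERTIFICATE=/run/secrets/fullchain.pem",
    "REGISTRY_HTTP_TLS_KEY=/run/secrets/privkey.pem"]}}}}])
ENV_OUT = "PATH=/usr/local/sbin:/usr/local/bin\nHOSTNAME=fcdbe4efdbb5\nHOME=/root\n"
LOG = 'level=info msg="listening on [::]:5000"\n'
```

With the sample data, `check(INSPECT, ENV_OUT, LOG)` reports the three missing variables, the wrong port and the missing TLS listener.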