While following the instructions for deploying my own custom registry at https://docs.docker.com/v17.09/registry/deploying/, I successfully was able to configure a container using docker run
but when attempting to spin up the registry as a service with docker service create
, the passed in environment variables seem to be missing.
For example, given the docker run command:
docker run -d \
--restart=always \
--name registry \
-v /absolute/path/to/certs:/certs \
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain.pem \
-e REGISTRY_HTTP_TLS_KEY=/certs/privkey.pem \
-p 8443:443 \
registry:2
The logs show that the REGISTRY_HTTP_ADDR
successfully was set. seeing as though I see msg="listening on [::]:443, tls"
following the container startup. I can also confirm this with docker exec registry env
which returns
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=2a6b8a7ba725
REGISTRY_HTTP_ADDR=0.0.0.0:443
REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain.pem
REGISTRY_HTTP_TLS_KEY=/certs/privkey.pem
HOME=/root
However, when I attempt the docker service create
equivalent, I do not have such luck.
docker service create \
--name registry \
--secret fullchain.pem \
--secret privkey.pem \
--env REGISTRY_HTTP_ADDR=0.0.0.0:443 \
--env REGISTRY_HTTP_TLS_CERTIFICATE=/run/secrets/fullchain.pem \
--env REGISTRY_HTTP_TLS_KEY=/run/secrets/privkey.pem \
--publish published=8443,target=443,mode=host \
--replicas 1 \
--detach=true \
registry:2
Unfortunately the log shows msg="listening on [::]:5000"
, which tells me that it didn’t receive any of the env vars.
I can confirm this when executing env
within the container running:
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=fcdbe4efdbb5
HOME=/root
However, when I docker service inspect registry
I get information telling me that the environment variables should be passed to the containers (omitting some of the output)…
[
{
"ID": "ek0vvprm5oj29xokg5vtzh8zb",
"Version": {
"Index": 1066
},
"CreatedAt": "2019-10-22T03:52:46.381717528Z",
"UpdatedAt": "2019-10-22T03:52:46.462539158Z",
"Spec": {
"Name": "registry",
"Labels": {},
"TaskTemplate": {
"ContainerSpec": {
"Image": "registry:2",
"Env": [
"REGISTRY_HTTP_ADDR=0.0.0.0:443",
"REGISTRY_HTTP_TLS_CERTIFICATE=/run/secrets/fullchain.pem",
"REGISTRY_HTTP_TLS_KEY=/run/secrets/privkey.pem"
],
},
},
},
]
Does anyone have any ideas on what’s going wrong here?