Environment variables cannot be used to schedule containers to meet the security policy
requirements. Environment variables are used to pass configuration data to the containers, not to
control where they run [1]. To schedule containers to run on separate nodes in a Swarm cluster, you
need to use node labels and service constraints [2][3]. Node labels are key-value pairs that you can
assign to nodes to organize them into groups [4]. Service constraints are expressions that you can use
to limit the nodes where a service can run based on the node labels. For example, you can label
some nodes as env=dev and others as env=prod, and then use the constraint --constraint
node.labels.env==dev or --constraint node.labels.env==prod when creating a service to ensure that it
runs only on the nodes with the matching label.

Reference:
[1]: Environment variables in Compose | Docker Docs
[2]: Deploy services to a swarm | Docker Docs
[3]: How to use Docker Swarm labels to deploy containers on specific nodes
[4]: Manage nodes in a swarm | Docker Docs
[5]: Swarm mode routing mesh | Docker Docs
[6]: Docker Swarm - How to set environment variables for tasks on various nodes
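
The label-and-constraint approach described above, written out as an added example (not part of the original answer or of Docker's documentation). It labels a node, creates a service pinned to that label, and audits that every running task actually sits on a node with the expected env label. Function names, node names, service names and the image are assumptions; run it on a Swarm manager.

```shell
#!/bin/sh
# Added example. All names passed to these functions are placeholders.

# Attach env=<value> to a node so that service constraints can select it.
label_node() {  # usage: label_node <env> <node>
    docker node update --label-add "env=$1" "$2"
}

# Create a service whose tasks may only be scheduled on nodes labelled
# env=<value>. The --env flag only passes configuration into the container;
# it has no effect on placement. The --constraint flag is what pins the tasks.
create_pinned_service() {  # usage: create_pinned_service <env> <name> <image>
    docker service create --name "$2" \
        --constraint "node.labels.env==$1" \
        --env "APP_ENV=$1" \
        "$3"
}

# Audit: every running task of <service> must be on a node labelled
# env=<value>. Returns 0 when compliant, 1 otherwise, and reports each
# offending node on stderr. A node with no env label counts as a violation.
verify_placement() {  # usage: verify_placement <env> <service>
    want=$1; svc=$2; rc=0
    nodes=$(docker service ps --filter desired-state=running \
                --format '{{.Node}}' "$svc" | sort -u)
    [ -n "$nodes" ] || { echo "no running tasks for $svc" >&2; return 1; }
    for node in $nodes; do
        have=$(docker node inspect \
                   --format '{{ index .Spec.Labels "env" }}' "$node")
        if [ "$have" != "$want" ]; then
            echo "VIOLATION: $svc on $node (env=${have:-unset}, want $want)" >&2
            rc=1
        fi
    done
    return $rc
}

# Typical sequence (constructed names):
#   label_node dev worker-1
#   create_pinned_service dev web-dev nginx:alpine
#   verify_placement dev web-dev
```

Running verify_placement periodically catches drift, for example a node whose label was removed or changed after the service was deployed.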