Skip to main content

Explain Docker RUN vs CMD vs ENTRYPOINT



Some Docker instructions look similar and cause confusion among developers who just started using Docker or do it irregularly. In this post I will explain the difference between CMD, RUN, and ENTRYPOINT on examples.




In a nutshell
  • RUN executes command(s) in a new layer and creates a new image. E.g., it is often used for installing software packages.
  • CMD sets default command and/or parameters, which can be overwritten from command line when docker container runs.
  • ENTRYPOINT configures a container that will run as an executable.

If it doesn’t make much sense or you after details, then read on.


Docker images and layers

When Docker runs a container, it runs an image inside it. This image is usually built by executing Docker instructions, which add layers on top of existing image or OS distribution. OS distribution is the initial image and every added layer creates a new image.

Final Docker image reminds an onion with OS distribution inside and a number of layers on top of it. For example, your image can be built by installing a number of deb packages and your application on top of Ubuntu 14.04 distribution.


Shell and Exec forms

All three instructions (RUN, CMD and ENTRYPOINT) can be specified in shell form or exec form. Let’s get familiar with these forms first, because the forms usually cause more confusion than instructions themselves.
Shell form

<instruction> <command>

Examples:RUN apt-get install python3 CMD echo "Hello world" ENTRYPOINT echo "Hello world"


When instruction is executed in shell form it calls /bin/sh -c <command> under the hood and normal shell processing happens. For example, the following snippet in DockerfileENV name John Dow ENTRYPOINT echo "Hello, $name"


when container runs as docker run -it <image> will produce outputHello, John Dow


Note that variable name is replaced with its value.


Exec form

This is the preferred form for CMD and ENTRYPOINT instructions.

<instruction> ["executable", "param1", "param2", ...]

Examples:RUN ["apt-get", "install", "python3"] CMD ["/bin/echo", "Hello world"] ENTRYPOINT ["/bin/echo", "Hello world"]


When instruction is executed in exec form it calls executable directly, and shell processing does not happen. For example, the following snippet in DockerfileENV name John Dow ENTRYPOINT ["/bin/echo", "Hello, $name"]


when container runs as docker run -it <image> will produce outputHello, $name


Note that variable name is not substituted.


How to run bash?

If you need to run bash (or any other interpreter but sh), use exec form with /bin/bash as executable. In this case, normal shell processing will take place. For example, the following snippet in DockerfileENV name John Dow ENTRYPOINT ["/bin/bash", "-c", "echo Hello, $name"]


when container runs as docker run -it <image> will produce outputHello, John Dow


RUN


RUN instruction allows you to install your application and packages requited for it. It executes any commands on top of the current image and creates a new layer by committing the results. Often you will find multiple RUN instructions in a Dockerfile.

RUN has two forms:
  1. RUN <command> (shell form)
  2. RUN ["executable", "param1", "param2"] (exec form)

(The forms are described in detail in Shell and Exec forms section above.)

A good illustration of RUN instruction would be to install multiple version control systems packages:

RUN apt-get update && apt-get install -y \
bzr \
cvs \
git \
mercurial \
subversion


Note that apt-get update and apt-get install are executed in a single RUN instruction. This is done to make sure that the latest packages will be installed. If apt-get install were in a separate RUN instruction, then it would reuse a layer added by apt-get update, which could had been created a long time ago.


CMD

CMD instruction allows you to set a default command, which will be executed only when you run container without specifying a command. If Docker container runs with a command, the default command will be ignored. If Dockerfile has more than one CMD instruction, all but last CMD instructions are ignored.

CMD has three forms:
  1. CMD ["executable","param1","param2"] (exec form, preferred)

  2. CMD ["param1","param2"] (sets additional default parameters for ENTRYPOINT in exec form)

  3. CMD command param1 param2 (shell form)

Again, the first and third forms were explained in Shell and Exec forms section. The second one is used together with ENTRYPOINT instruction in exec form. It sets default parameters that will be added after ENTRYPOINT parameters if container runs without command line arguments. See ENTRYPOINT for example.

Let’s have a look how CMD instruction works. The following snippet in Dockerfile:

CMD echo "Hello world"

when container runs as docker run -it <image> will produce output:

Hello world

While container runs with a command, e.g.,
docker run -it <image> /bin/bash, CMD is ignored and bash interpreter runs instead:
root@7de4bed89922:/#

ENTRYPOINT


ENTRYPOINT instruction allows you to configure a container that will run as an executable. It looks similar to CMD, because it also allows you to specify a command with parameters. The difference is ENTRYPOINT command and parameters are not ignored when Docker container runs with command line parameters. (There is a way to ignore ENTTRYPOINT, but it is unlikely that you will do it.)

ENTRYPOINT has two forms:
  1. ENTRYPOINT ["executable", "param1", "param2"] (exec form, preferred)
  2. ENTRYPOINT command param1 param2 (shell form)


Be very careful when choosing ENTRYPOINT form, because forms behaviour differs significantly.


Exec form

Exec form of ENTRYPOINT allows you to set commands and parameters and then use either form of CMD to set additional parameters that are more likely to be changed. ENTRYPOINT arguments are always used, while CMD ones can be overwritten by command line arguments provided when Docker container runs. For example, the following snippet in Dockerfile:

ENTRYPOINT ["/bin/echo", "Hello"]
CMD ["world"]


when container runs as docker run -it <image> will produce output:
Hello world


but when container runs as docker run -it <image> John will result in:
Hello John


Shell form

Shell form of ENTRYPOINT ignores any CMD or docker run command line arguments.


The bottom line

Use RUN instructions to build your image by adding layers on top of initial image.

Prefer ENTRYPOINT to CMD when building executable Docker image and you need a command always to be executed. Additionally use CMD if you need to provide extra default arguments that could be overwritten from command line when docker container runs.

Choose CMD if you need to provide a default command and/or arguments that can be overwritten from command line when docker container runs.

Labels:

Comments

Post a Comment

Popular posts from this blog

How to Reset Steam Password? – Recover Your Steam Password

Are you suffering with Reset Steam Password? This blog will help you. What is Steam? Steam is the online website for getting the best games for paid. If you are a true game lover then you should have an active account on Steam. Many of people lost their password during the  PC clean-up  or any other circumstances. At that time they have to reset Password of all accounts. Then if you facing issues with the password, you forced to Steam reset password to access the Steam account. We are going to share the guide that how to recover your forgotten Steam Password and make your existing account ready. First of all, you should have enough knowledge about what is Steam and why Steam Account required? Why Steam Account Requires? Before jump into password recovery and Login details, let me clear about why Steam Account required? There are several benefits of this Steam Account from where you can easily download PC games as well as software. Though it will be p...
Post a Comment
Read more

What is STP? - Explain Advantages and Disadvantages

The Spanning Tree Protocol is a network protocol that builds a loop-free logical topology for Ethernet networks. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. STP is a protocol. It actively monitors all links of the network. To finds a redundant link, it uses an algorithm, known as the STA (spanning-tree algorithm). The STA algorithm first creates a topology database then it finds and disables the redundant links. Once redundant links are disabled, only the STP-chosen links remain active. If a new link is added or an existing link is removed, the STP re-runs the STA algorithm and re-adjusts all links to reflect the change. STP (Spanning Tree Protocol) automatically removes layer 2 switching loops by shutting down the redundant links. A redundant link is an additional link between two switches. A redundant link is usually created for backup purposes. Just like every coin has two sides, a redundant link, along with...
5 comments
Read more