Docker RUN v CMD v ENTRYPOINT

December 7, 2024 note-to-self docker
  • RUN - (buildtime) during image build, lines in a bash script to install everything for the image. Most Dockerfiles will have many of these. Each one creates a docker layer. It's a good idea to combine many commands into one RUN, after it's reliable, so that there are fewer docker layers in each image.
  • CMD - (runtime) default command to run when container is started from that image, overrideable using docker run. Only the last one is used, if there are multiple.
  • ENTRYPOINT - (runtime) - Defines the main command to run in the container, pass in --entrypoint to override script but easy to override arguments by passing them in to docker run or in docker-compose.yml.

In a docker-compose.yml, you can add command: <command> to pass commands/arguments container starts.

ENTRYPOINT script needs to be executable.


In Practice:

  • Use RUN for image setup (installing software, copying files).
  • Use CMD for containers with defaults that may change often.
  • Use ENTRYPOINT for containers dedicated to a single task (e.g., always running a server).

As always: This is for my own understanding. Please don't assume it is 100% correct.