| RUN | 在构建镜像时执行命令,生成新的镜像层 | 构建镜像时 | 安装软件包、设置环境等 | 不适用于容器启动时 | RUN apt-get update && apt-get install -y curl |
| CMD | 定义容器启动时的默认命令和参数 | 容器启动时 | 提供默认命令和参数 | 可以被 docker run 命令行中的其他命令覆盖 | CMD ["echo", "Hello, World!"] |
| ENTRYPOINT | 配置容器启动时总是会执行的命令 | 容器启动时 | 确保容器总是执行特定程序 | 不会被 docker run 命令行中的其他命令覆盖 | ENTRYPOINT ["echo"] |
| 组合使用 | 利用 ENTRYPOINT 确定主要执行程序,CMD 提供默认参数 | 容器启动时 | 确保执行主要程序并提供默认参数 | CMD 默认参数可被覆盖,ENTRYPOINT 始终执行 | ENTRYPOINT ["echo"] |
Docker’s flexibility and robustness as a containerization tool come with a complexity that can be daunting. Multiple methods are available to accomplish similar tasks, and users must understand the pros and cons of the available options to choose the best approach for their projects.
One confusing area concerns the RUN, CMD, and ENTRYPOINT Dockerfile instructions. In this article, we will discuss the differences between these instructions and describe use cases for each.
RUN
The RUN instruction is used in Dockerfiles to execute commands that build and configure the Docker image. These commands are executed during the image build process, and each RUN instruction creates a new layer in the Docker image. For example, if you create an image that requires specific software or libraries installed, you would use RUN to execute the necessary installation commands.
The following example shows how to instruct the Docker build process to update the apt cache and install Apache during an image build:
RUN apt update && apt -y install apache2RUN instructions should be used judiciously to keep the image layers to a minimum, combining related commands into a single RUN instruction where possible to reduce image size.
CMD
The CMD instruction specifies the default command to run when a container is started from the Docker image. If no command is specified during the container startup (i.e., in the docker run command), this default is used. CMD can be overridden by supplying command-line arguments to docker run.
CMD is useful for setting default commands and easily overridden parameters. It is often used in images as a way of defining default run parameters and can be overridden from the command line when the container is run.
For example, by default, you might want a web server to start, but users could override this to run a shell instead:
CMD ["apache2ctl", "-DFOREGROUND"]Users can start the container with docker run -it <image> /bin/bash to get a Bash shell instead of starting Apache.
ENTRYPOINT
The ENTRYPOINT instruction sets the default executable for the container. Any arguments supplied to the docker run command are appended to the ENTRYPOINT command.
Note: Use ENTRYPOINT when you need your container to always run the same base command, and you want to allow users to append additional commands at the end. One caveat is that ENTRYPOINT can be overridden on the docker run command line by supplying the --entrypoint flag.
ENTRYPOINT is particularly useful for turning a container into a standalone executable. For example, suppose you are packaging a custom script that requires arguments (e.g., “my_script extra_args”). In that case, you can use ENTRYPOINT to always run the script process (“my_script”) and then allow the image users to specify the “extra_args” on the docker run command line. You can do the following:
ENTRYPOINT ["my_script"]Combining CMD and ENTRYPOINT
The CMD instruction can be used to provide default arguments to an ENTRYPOINT if it is specified in the exec form. This setup allows the entry point to be the main executable and CMD to specify additional arguments that can be overridden by the user.
For example, you might have a container that runs a Python application where you always want to use the same application file but allow users to specify different command-line arguments:
ENTRYPOINT ["python", "/app/my_script.py"]
CMD ["--default-arg"]Running docker run myimage --user-arg executes python /app/my_script.py --user-arg.
The following table provides an overview of these commands and use cases.
Command description and use cases
| Command | Description | Use Case |
| CMD | Defines the default executable of a Docker image. It can be overridden by docker run arguments. | Utility images allow users to pass different executables and arguments on the command line. |
| ENTRYPOINT | Defines the default executable. It can be overridden by the “--entrypoint” docker run arguments. | Images built for a specific purpose where overriding the default executable is not desired. |
| RUN | Executes commands to build layers. | Building an image |