This post is a follow-up to <<Docker Run Reference>>.
When we build an image from a Dockerfile or by committing a running container, we can set startup parameters for the new image.
Four of the Dockerfile commands cannot be overridden at runtime: FROM, MAINTAINER, RUN, and ADD. Everything else has a corresponding override in the docker run command.
CMD
The CMD can be the default startup command for a container or the arguments for the entrypoint.
    docker run [OPTIONS] IMAGE[:TAG|@DIGEST] [COMMAND] [ARG...]
If the image has an ENTRYPOINT specified then the CMD or COMMAND is appended as arguments to the ENTRYPOINT (see next section).
For example, override the CMD in busybox with /bin/sh -c "ls -ltr":
    # Quote the script: unquoted, sh -c would run only ls and take -ltr as $0
    docker run -it busybox /bin/sh -c "ls -ltr"
You can use inspect to check the default CMD of an image; it shows that the default CMD for busybox is [sh]. If you override it with /bin/sh -c "ls -ltr" as in the example above, then you run:
    # There is also a "ContainerConfig" section, but it is not related to CMD.
Under the COMMAND column you can see that it changes to /bin/sh -c "ls -ltr", which is easy to verify.
    # --no-trunc: no truncate output
ENTRYPOINT
The ENTRYPOINT is the default start point of the running container.
    # Overwrite the default entrypoint set by the image
The ENTRYPOINT of an image is similar to a COMMAND because it specifies what executable to run when the container starts, but it is (purposely) more difficult to override. The ENTRYPOINT gives a container its default nature or behavior, so that when you set an ENTRYPOINT you can run the container as if it was that binary, complete with default options, and you can pass in more options via the COMMAND.
Check the default entrypoint of an image by:
    docker inspect -f "{{.Config.Entrypoint}}" <image or container>
To override the entrypoint with /bin/sh and pass the parameters tail -f /dev/null to it:
    docker run -d \
NOTE: --entrypoint will clear out any default command in the image.
EXPOSE
EXPOSE declares the ports used for incoming traffic once they are published.
    --expose=[]: Expose a port or a range of ports inside the container.
With the exception of the EXPOSE directive, an image developer hasn’t got much control over networking. The EXPOSE instruction defines the initial incoming ports (listens on specific network ports) that provide services. These ports are available to processes inside the container. An operator can use the --expose option to add to the exposed ports.
NOTE: EXPOSE will not allow communication between the container and the host or other containers on a different network. To allow this you need to publish the ports.
NOTE: use -P or -p rather than --net=host for incoming traffic.
To expose a container’s internal port, use the -P or -p flag. The exposed port is accessible by any client that can access the host.
NOTE: in K8s, pods in the same namespace can communicate with each other; no additional config is needed unless you want to access the pods from outside the cluster.
USER
    -u="", --user="": Sets the username or UID used and optionally the groupname o
root (id = 0) is the default user in a container. The developer can create additional users.
ENV
Docker automatically sets some environment variables when creating a Linux container.
The following environment variables are set for Linux containers:
- HOME: Set based on the value of USER
- HOSTNAME: The hostname associated with the container
- PATH: Includes popular directories, for example: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- TERM: xterm if the container is allocated a pseudo-TTY
Additionally, the operator can set any environment variable in the container by using one or more -e flags. If the operator names an environment variable without specifying a value, then the current value of the named variable is populated into the container’s environment.
VOLUME
    -v, --volume=[host-src:]container-dest[:<options>]: Bind mount a volume.
The volumes commands are complex enough to have their own documentation.
The container-dest must always be an absolute path such as /src/docs. The host-src can either be an absolute path or a name value. If you supply an absolute path for the host-src, Docker bind-mounts to the path you specify. If you supply a name, Docker creates a named volume by that name.
For example, you can specify either /foo or foo for a host-src value. If you supply the /foo value, Docker creates a bind mount. If you supply the foo specification, Docker creates a named volume.
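
The rules above (CMD or COMMAND appended to ENTRYPOINT, --entrypoint clearing the default CMD, root as the default user, an absolute host-src meaning a bind mount) can be combined to work out what a given docker run invocation will actually start, as whom, and with which host paths attached. This is an added example, not code from the original post or from Docker; resolve_run, the sample image config and the "anonymous" label for a -v with no host-src are assumptions made for illustration.

```python
import json

# Constructed sample: the "Config" section of `docker inspect <image>` output.
IMAGE_CONFIG = json.loads(
    '{"Entrypoint": ["/usr/local/bin/app"], "Cmd": ["--serve"], "User": ""}'
)


def resolve_run(config, command=None, entrypoint=None, user=None, volumes=()):
    """Apply docker run overrides to image defaults (hypothetical helper)."""
    ep = config.get("Entrypoint") or []
    cmd = config.get("Cmd") or []
    if entrypoint is not None:
        # --entrypoint replaces ENTRYPOINT and clears the image's default CMD.
        ep, cmd = [entrypoint], []
    if command:
        # [COMMAND] [ARG...] on the command line replaces CMD.
        cmd = list(command)
    argv = ep + cmd  # CMD/COMMAND is appended to ENTRYPOINT as arguments

    # -u/--user wins over the image's USER; an empty USER means root (uid 0).
    run_as = user or config.get("User") or "root"

    mounts = []
    for spec in volumes:  # [host-src:]container-dest[:<options>]
        parts = spec.split(":")
        if len(parts) == 1:
            mounts.append(("anonymous", None, parts[0]))
        else:
            # Absolute host-src is a bind mount; anything else is a volume name.
            kind = "bind" if parts[0].startswith("/") else "named"
            mounts.append((kind, parts[0], parts[1]))

    findings = []
    if run_as.split(":")[0] in ("root", "0"):
        findings.append("process runs as root (uid 0)")
    for kind, src, dest in mounts:
        if kind == "bind":
            findings.append(f"host path {src} is bind-mounted at {dest}")
    return {"argv": argv, "user": run_as, "mounts": mounts, "findings": findings}


if __name__ == "__main__":
    print(resolve_run(IMAGE_CONFIG))  # image defaults only
    print(resolve_run(IMAGE_CONFIG, command=["-c", "tail -f /dev/null"],
                      entrypoint="/bin/sh", user="1000:1000",
                      volumes=["/foo:/src/docs:ro", "foo:/data"]))
```
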
Other Resources
- Docker run reference
- Dockerfile reference
- Expose vs publish: Docker port commands explained simply