Understanding the Difference Between RUN and CMD in a Dockerfile

In Docker, a Dockerfile is a text document that contains all the commands you execute to assemble an image. It provides the instruction set through which a Docker image is built. Two fundamental instructions that often create confusion among developers, especially those new to Docker, are RUN and CMD. While both are essential for building and running Docker images, they serve different purposes. Let's delve into these two instructions to understand their distinctions better.

RUN Instruction

The RUN command is used to execute commands in a new layer on top of the existing image and commit the results. It generates a new image layer as part of a Docker image build process.

Key Points About RUN:

• Purpose: To build up an image by installing packages, dependencies, setting environment variables and updating the operating system.
• Execution Time: During the build process of a Docker image.
• Creates a New Layer: Each RUN instruction creates an intermediate layer. As a result, it helps achieve caching benefits.
• Multiple Commands: Although you can chain multiple commands using shell syntax (&&), it's common to have single self-contained commands.

Example:

1FROM ubuntu:20.04
2
3RUN apt-get update && apt-get install -y \
4    python3-pip \
5    curl
6
7RUN pip3 install --no-cache-dir flask

In the above example, the RUN instruction updates the package list and installs Python and the Flask package. Each RUN produces a distinct layer that is cached and boosts successive builds' performance if there are no changes to the respective steps.

CMD Instruction

Unlike RUN, the CMD instruction specifies the default command to execute when a container is started. Only the last CMD instruction in the Dockerfile is considered, and it can be overridden by arguments provided in the docker run command.

Key Points About CMD:

• Purpose: To provide the default command or entrypoint for an executing container.
• Execution Time: During the lifecycle of a container (not during the build).
• Does Not Create a Layer: Unlike RUN, CMD does not create image layers.
• Override Behavior: Can be overridden at runtime by passing a different command.

Types of CMD:

• Shell Form: CMD command param1 param2, executed in /bin/sh -c, suitable for simple commands.
• Exec Form: CMD ["command", "param1", "param2"], executed directly, more suited for subprocess control, handling signals.

Example:

1FROM ubuntu:20.04
2
3RUN apt-get update && apt-get install -y python3
4
5COPY myscript.py /myscript.py
6
7CMD ["python3", "/myscript.py"]

In this case, the CMD specifies that python3 /myscript.py should be executed by default when the container starts. If someone runs docker run <image> bash, it will override this CMD instruction.

Key Differences in a Summary Table

Here's a summary of the main differences between RUN and CMD:

Additional Considerations

• Chaining RUN Commands: Minimizing layers by chaining multiple commands with && can shrink image size, but might obfuscate individual steps in the Dockerfile.
• Combining with ENTRYPOINT: In scenarios requiring a particular application to be executed with specific parameters consistently, leveraging ENTRYPOINT with CMD allows specifying fixed and overridable parts.
• Efficiency in Rebuilding: Efficient use of RUN instructions can leverage Docker's cache layers, leading to faster rebuilds.

Conclusion

Understanding the distinction between RUN and CMD is crucial when authoring Dockerfiles because they affect the image-building process and container runtime behavior differently. RUN focuses on preparing the image, while CMD sets up the default environment for container execution. By leveraging each appropriately, developers can optimize both their Docker images and container executions.