I want to create a Docker Image that acts as an executable for which the user passes a token as an environment variable. The executable has sub commands that the user should pass via dockers CMD (think of git with authentication via Env). However, Docker does not append the CMD to the entrypoint. The relevant part of my Dockerfile looks like this:
ENTRYPOINT ["/bin/sh", "-c", "/usr/bin/mycmd --token=$MY_TOKEN"]
CMD ["pull", "stuff"]
So if this container is executed without any CMD overrides and secret
as the MY_TOKEN variable, I would expect
mycmd --token=secret pull stuff
to be executed. If the user starts the container with an override, e.g.
docker run -it -e MY_TOKEN=secret myimage push junk
I would expect
mycmd --token=secret push junk
to be executed. As mentioned above, however, only mycmd --token=secret
gets executed, the CMD is ignored - no matter if I override it during start or set it in the Dockerfile.
Example of using CMD and ENTRYPOINT together If both ENTRYPOINT and CMD are present, what is written in CMD is executed as an option of the command written in ENTRYPOINT. If an argument is added at the time of docker run , the contents of CMD will be overwritten and the ENTRYPOINT command will be executed.
That's right, it is possible to have both in your Dockerfile. There are many situations in which combining CMD and ENTRYPOINT would be the best solution for your Docker container. In such cases, the executable is defined with ENTRYPOINT, while CMD specifies the default parameter.
Docker Entrypoint ENTRYPOINT is the other instruction used to configure how the container will run. Just like with CMD, you need to specify a command and parameters. However, in the case of ENTRYPOINT we cannot override the ENTRYPOINT instruction by adding command-line parameters to the `docker run` command.
The ENTRYPOINT instruction looks almost similar to the CMD instruction. However, the main highlighting difference between them is that it will not ignore any of the parameters that you have specified in the Docker run command (CLI parameters).
With /bin/sh -c "script"
syntax, anything after the -c
argument becomes an argument to your script. You can reach them with $0
and $@
as part of your /bin/sh script:
ENTRYPOINT ["/bin/sh", "-c", "exec /usr/bin/mycmd --token=$MY_TOKEN $0 $@"]
CMD ["pull", "stuff"]
Note that you could also change your entrypoint to be a shell script added to your image that runs exec /usr/bin/mycmd --token=$MY_TOKEN "$@"
and execute that shell script with docker's exec syntax:
ENTRYPOINT ["/entrypoint.sh"]
As specified in the docker documentation, you are specifying an entrypoint that calls a shell (thus not in the shell form, but the exec one). The parameters are passed to the shell (and therefore ignored); only the command in the shell matters. You will see your issue solved after switching your entrypoint call to:
ENTRYPOINT ["usr/bin/mycmd", "--token=$MY_TOKEN"]
Calling a shell in an entrypoint is something heavily discouraged, and precisely only useful when you want to avoid users of the image append custom parameters to your entrypoint.
See you in the interwebs! :)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With