What is the difference between CMD and ENTRYPOINT?

· Category: Docker

Short answer

ENTRYPOINT defines the fixed executable that runs when the container starts, while CMD provides default arguments that can be overridden. Use ENTRYPOINT for consistent behavior and CMD for flexible defaults.

Key differences

  • ENTRYPOINT is meant to configure the container as an executable.
  • CMD supplies default arguments to ENTRYPOINT or runs a command directly if no ENTRYPOINT is set.
  • Arguments passed to docker run <image> <args> override CMD, not ENTRYPOINT.

Example

FROM ubuntu:22.04
ENTRYPOINT ["echo"]
CMD ["Hello, World"]

Running the container:

docker run myimage          # outputs: Hello, World
docker run myimage DevOps   # outputs: DevOps

Using CMD alone:

FROM ubuntu:22.04
CMD ["echo", "Hello, World"]

When to use each

  • Use ENTRYPOINT when the container has a primary purpose, such as a CLI tool or server.
  • Use CMD when you want to provide sensible defaults that users can easily override.
  • Combine both for flexible yet predictable container behavior.

Common issues

  • Shell form (CMD command) runs through /bin/sh -c, which can cause signal handling issues.
  • Always prefer JSON array syntax (["executable", "param1"]) for proper signal forwarding.
  • Overriding ENTRYPOINT requires docker run --entrypoint.