Difference Between RUN and CMD in a Dockerfile

TLDR

In a Dockerfile, RUN is used to execute commands during the image build process, creating layers in the final image. CMD specifies the default command to run when a container starts. Use RUN for building the image and CMD for defining the container's runtime behavior.

---

When writing a Dockerfile, understanding the difference between RUN and CMD is crucial for building efficient and functional Docker images. While both are used to execute commands, they serve different purposes. This guide will explain the differences and provide examples to help you use them effectively.

What is RUN?

The RUN instruction is used to execute commands during the image build process. Each RUN command creates a new layer in the Docker image. It is typically used for installing software, setting up the environment, or performing other tasks required to build the image.

Example

Here is an example of using RUN in a Dockerfile:

# Dockerfile
FROM ubuntu:20.04

# Install curl
RUN apt-get update && apt-get install -y curl

In this example:

• The RUN instruction updates the package list and installs curl.
• The resulting image includes curl as part of its filesystem.

Why It Matters

• Build-Time Execution: Commands in RUN are executed during the build process, not when the container starts.
• Layer Creation: Each RUN instruction creates a new layer, which can be cached to speed up subsequent builds.

What is CMD?

The CMD instruction specifies the default command to run when a container starts. Unlike RUN, it does not execute during the build process. Instead, it defines the container's runtime behavior.

Example

Here is an example of using CMD in a Dockerfile:

# Dockerfile
FROM node:16

# Set the default command to run the application
CMD ["node", "app.js"]

In this example:

• The CMD instruction specifies that the container should run node app.js when it starts.
• If a different command is provided at runtime, it will override the CMD instruction.

Why It Matters

• Runtime Execution: CMD defines what the container does when it starts.
• Overridable: The CMD instruction can be overridden by specifying a command when running the container.

Key Differences Between RUN and CMD

Feature	RUN	CMD
Purpose	Executes commands during build	Specifies default runtime command
Execution Time	Build time	Runtime
Layer Creation	Creates a new image layer	Does not create a new layer
Overridable	No	Yes

Combining RUN and CMD

You can use both RUN and CMD in the same Dockerfile to build the image and define its runtime behavior.

Example

# Dockerfile
FROM python:3.9

# Install dependencies
RUN pip install flask

# Set the default command
CMD ["python", "app.py"]

In this example:

• The RUN instruction installs Flask during the build process.
• The CMD instruction specifies that the container should run python app.py when it starts.

Best Practices

• Minimize Layers: Combine multiple commands in a single RUN instruction to reduce the number of layers.
• Use CMD for Defaults: Use CMD to define the default behavior of the container, but allow it to be overridden if needed.
• Avoid Hardcoding: Avoid hardcoding sensitive information like credentials in RUN or CMD instructions.

By understanding the differences between RUN and CMD, you can write more efficient and functional Dockerfiles, ensuring your containers behave as expected.