• Jobs
  • About Us
  • professionals
    • Home
    • Jobs
    • Courses and challenges
  • business
    • Home
    • Post vacancy
    • Our process
    • Pricing
    • Assessments
    • Payroll
    • Blog
    • Sales
    • Salary Calculator

0

215
Views
Docker container with entrypoint variable expansion and CMD parameters

I want to create a Docker Image that acts as an executable for which the user passes a token as an environment variable. The executable has sub commands that the user should pass via dockers CMD (think of git with authentication via Env). However, Docker does not append the CMD to the entrypoint. The relevant part of my Dockerfile looks like this:

ENTRYPOINT ["/bin/sh", "-c", "/usr/bin/mycmd --token=$MY_TOKEN"]
CMD ["pull", "stuff"]

So if this container is executed without any CMD overrides and secret as the MY_TOKEN variable, I would expect

mycmd --token=secret pull stuff

to be executed. If the user starts the container with an override, e.g.

docker run -it -e MY_TOKEN=secret myimage push junk

I would expect

mycmd --token=secret push junk

to be executed. As mentioned above, however, only mycmd --token=secret gets executed, the CMD is ignored - no matter if I override it during start or set it in the Dockerfile.

about 3 years ago · Santiago Trujillo
2 answers
Answer question

0

With /bin/sh -c "script" syntax, anything after the -c argument becomes an argument to your script. You can reach them with $0 and $@ as part of your /bin/sh script:

ENTRYPOINT ["/bin/sh", "-c", "exec /usr/bin/mycmd --token=$MY_TOKEN $0 $@"]
CMD ["pull", "stuff"]

Note that you could also change your entrypoint to be a shell script added to your image that runs exec /usr/bin/mycmd --token=$MY_TOKEN "$@" and execute that shell script with docker's exec syntax:

ENTRYPOINT ["/entrypoint.sh"]
about 3 years ago · Santiago Trujillo Report

0

As specified in the docker documentation, you are specifying an entrypoint that calls a shell (thus not in the shell form, but the exec one). The parameters are passed to the shell (and therefore ignored); only the command in the shell matters. You will see your issue solved after switching your entrypoint call to:

ENTRYPOINT ["usr/bin/mycmd", "--token=$MY_TOKEN"]

Calling a shell in an entrypoint is something heavily discouraged, and precisely only useful when you want to avoid users of the image append custom parameters to your entrypoint.

See you in the interwebs! :)

about 3 years ago · Santiago Trujillo Report
Answer question
Find remote jobs

Discover the new way to find a job!

Top jobs
Top job categories
Business
Post vacancy Pricing Our process Sales
Legal
Terms and conditions Privacy policy
© 2025 PeakU Inc. All Rights Reserved.

Andres GPT

Recommend me some offers
I have an error