Friday, June 24, 2022

RUN vs CMD vs ENTRYPOINT : DOCKER

https://awstip.com/docker-run-vs-cmd-vs-entrypoint-78ca2e5472bd


The three Dockerfile instructions RUN , CMD and ENTRYPOINT look similar and can easily cause confusions. Let’s discuss their differences in this article.

RUN vs CMD vs ENTRYPOINT

  • RUN executes commands and creates new image layers.
  • CMD sets the command and its parameters to be executed by default after the container is started. However CMD can be replaced by docker run command line parameters.
  • ENTRYPOINT configures the command to run when the container starts, similar to CMD from a functionality perspective.

Shell Format vs Exec Format

We can specify the command to be run by RUN, CMD and ENTRYPOINT in two ways: Shell format and Exec format, which have subtle differences in usage.

Shell Format

Shell format has the following form:

<instruction> <command>

For example:

RUN apt-get install python3CMD echo "Hello world"ENTRYPOINT echo "Hello world"

When the command is executed, the bottom layer of the shell format will call /bin/sh -c <command>. When you run commands in Shell format, the environment variable that defined in ENV command will be inherited.

ENV name Cloud ManENTRYPOINT echo "Hello, $name"# Output
Hello, Cloud Man

Exec Format

Exec format has the following form:

<instruction> ["executable", "param1", "param2", ...]

For example:

RUN ["apt-get", "install", "python3"]CMD ["/bin/echo", "Hello world"]ENTRYPOINT ["/bin/echo", "Hello world"]

When the command is executed, <command> will be called directly and will not be parsed by the shell. The environment variable that defined in ENV will not be passed as well.

ENV name Cloud ManENTRYPOINT ["/bin/echo", "Hello, $name"]# Output
Hello, $name

The Exec format is recommended for CMD and ENTRYPOINT because the instructions are more readable and easier to understand. RUN then both formats are fine.

RUN

The RUN command is typically used to install applications and software packages.

RUN executes the command on top of the current image, and by creating a new image layer. Dockerfile often contains multiple RUN instructions.

CMD

The CMD directive allows user to specify the default command executed by the container. This command runs when the container starts and no other command is specified for docker run .

  1. If docker run specifies another command, the default command specified by CMD will be ignored.
  2. If there are multiple CMD instructions in the Dockerfile, only the last CMD is valid.

CMD has three formats:

  1. Exec format: CMD [“executable”,”param1",”param2"]
  2. CMD [“param1”, ”param2"], this format is used in combination of ENTRYPOINT , to provide extra parameters
  3. Shell format: CMD command param1 param2

Exec format is recommended as it provides better readbility.

ENTRYPOINT

The ENTRYPOINT directive allows the container to run as an application or service.

ENTRYPOINT looks similar to CMD in that both specify the command to execute and its parameters. The difference is that ENTRYPOINT will not be ignored and will be executed, even if other commands are specified when running docker run.

ENTRYPOINT has two formats:

  1. Exec format: ENTRYPOINT [“executable”, “param1”, “param2”] This is the recommended format for ENTRYPOINT.
  2. Shell format: ENTRYPOINT command param1 param2

The parameters in ENTRYPOINT are always used, while the extra parameters of CMD can be dynamically replaced when the container starts. For example:

ENTRYPOINT ["/bin/echo", "Hello"]CMD ["world"]# Output
Hello world

Note the shell format of ENTRYPOINT ignores any arguments provided by CMD or docker run.

FROM busyboxENTRYPOINT echo helloCMD world# Output
hello

Conclusion

  1. Use the RUN command to install applications and packages, and build images.
  2. If the purpose of the Docker image is to run an application or service, such as running a MySQL, the ENTRYPOINT command in the Exec format should be used in preference. CMD can provide additional default parameters for ENTRYPOINT, and the default parameters can be replaced by the docker run command line.
  3. If you want to set the default startup command for the container, you can use the CMD command. Users can override this default command in the docker run command line.

Wednesday, June 22, 2022

AWS ASSUMEROLE

 Assume an IAM role using the AWS CLI (amazon.com)

Authenticating to AWS with Environment Variables | by Yevgeniy Brikman | Gruntwork

amazon web services - bash script for AWS assume-role - Stack Overflow


aws sts get-caller-identity

aws sts assume-role --role-arn "arn:aws:iam::123456789012:role/example-role" --role-session-name AWSCLI-Session

export AWS_ACCESS_KEY_ID=RoleAccessKeyID export AWS_SECRET_ACCESS_KEY=RoleSecretKey export AWS_SESSION_TOKEN=RoleSessionToken

aws sts get-caller-identity

unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN aws sts get-caller-identity

-------------------------------------------------------------------------------

Next, you call aws sts assume-role, passing it the ARN of the IAM Role you want to assume, plus a “role session name” that can be used to tell who is assuming the IAM Role and why (as the same IAM Role may be assumed by may different users):

aws sts assume-role \
--role-arn arn:aws:iam::123456789012:role/dev-full-access \
--role-session-name username@company.com

This will return a blob of JSON that contains Temporary Access Keys:

{
"Credentials": {
"SecretAccessKey": "secret-access-key",
"SessionToken": "temporary-session-token",
"Expiration": "expiration-date-time",
"AccessKeyId": "access-key-id"
}
}

You must now set these Temporary Access Keys as environment variables, overriding the old environment variables:

export AWS_ACCESS_KEY_ID=<Access-key-from-output>
export AWS_SECRET_ACCESS_KEY=<Secret-access-key-from-output>
export AWS_SESSION_TOKEN=<Session-Token-from-output>

Why do I have to explicitely define labels multiple times? Kubernetes

 kubernetes - Why do I have to explicitely define labels multiple times? - Server Fault

DOCKERFILE DOCKER Commands

 Docker RUN vs CMD vs ENTRYPOINT (codewithyury.com)

MAVEN - BOM - Bill of Materials

 Using Maven's Bill of Materials (BOM) (reflectoring.io)

4 kinds of Service in K8 - ClusterIP, NodePort, LoadBalancer and ExternalName

 Kubernetes — Service Types Overview | by Ashish Patel | DevOps Mojo | Medium

Azure - Pipeline - Add Approver for Stage

https://learn.microsoft.com/en-us/azure/devops/pipelines/process/approvals?view=azure-devops&tabs=check-pass