Overriding Defaults with Docker Compose and Docker Run, and Additional Resources

> 2. Isolation: All containers without a `--network` specified are attached to the default bridge network, hence can be a risk, as unrelated containers are then able to communicate. Using a custom network provides a scoped network in which only containers attached to that network are able to communicate, hence providing better isolation. ### Manage the resources By default, containers are not limited in their resource usage. However, on shared systems, it's crucial to manage resources effectively. It's important not to let a running container consume too much of the host machine's memory. This is where the `docker run` command shines again. It offers flags like `--memory` and `--cpus` to restrict how much CPU and memory a container can use. ```console $ docker run -d -e POSTGRES_PASSWORD=secret --memory="512m" --cpus=".5" postgres ``` The `--cpus` flag specifies the CPU quota for the container. Here, it's set to half a CPU core (0.5) whereas the `--memory` flag specifies the memory limit for the container. In this case, it's set to 512 MB. ### Override the default CMD and ENTRYPOINT in Docker Compose Sometimes, you might need to override the default commands (`CMD`) or entry points (`ENTRYPOINT`) defined in a Docker image, especially when using Docker Compose. 1. Create a `compose.yml` file with the following content: ```yaml services: postgres: image: postgres entrypoint: ["docker-entrypoint.sh", "postgres"] command: ["-h", "localhost", "-p", "5432"] environment: POSTGRES_PASSWORD: secret ``` The Compose file defines a service named `postgres` that uses the official Postgres image, sets an entrypoint script, and starts the container with password authentication. 2. Bring up the service by running the following command: ```console $ docker compose up -d ``` This command starts the Postgres service defined in the Docker Compose file. 3. Verify the authentication with Docker Desktop Dashboard. Open the Docker Desktop Dashboard, select the **Postgres** container and select **Exec** to enter into the container shell. You can type the following command to connect to the Postgres database: ```console # psql -U postgres ``` ![A screenshot of the Docker Desktop Dashboard selecting the Postgres container and entering into its shell using EXEC button](images/exec-into-postgres-container.webp?border=true) > [!NOTE] > > The PostgreSQL image sets up trust authentication locally so you may notice a password isn't required when connecting from localhost (inside the same container). However, a password will be required if connecting from a different host/container. ### Override the default CMD and ENTRYPOINT with `docker run` You can also override defaults directly using the `docker run` command with the following command: ```console $ docker run -e POSTGRES_PASSWORD=secret postgres docker-entrypoint.sh -h localhost -p 5432 ``` This command runs a Postgres container, sets an environment variable for password authentication, overrides the default startup commands and configures hostname and port mapping. ## Additional resources * [Ways to set environment variables with Compose](/compose/how-tos/environment-variables/set-environment-variables/) * [What is a container](/get-started/docker-concepts/the-basics/what-is-a-container/) ## Next steps Now that you have learned about overriding container defaults, it's time to learn how to persist container data. {{< button text="Persisting container data" url="persisting-container-data" >}}

This section elaborates on overriding default `CMD` and `ENTRYPOINT` using Docker Compose, providing a step-by-step example with a Postgres service. It also demonstrates how to achieve the same outcome directly with the `docker run` command. Finally, it links to additional resources about environment variables and container concepts, and points to the next step in the learning path: persisting container data.