What are shell form and exec form?

The docker shell syntax (which is just a string as the RUN, ENTRYPOINT, and CMD) will run that string as the parameter to /bin/sh -c. This gives you a shell to expand variables, sub commands, piping output, chaining commands together, and other shell conveniences.

RUN ls * | grep $trigger_filename || echo file missing && exit 1

The exec syntax simply runs the binary you provide with the args you include, but without any features of the shell parsing. In docker, you indicate this with a json formatted array.

RUN ["/bin/app", "arg1", "arg2"]

The advantage of the exec syntax is removing the shell from the launched process, which may inhibit signal processing. The reformatting of the command with /bin/sh -c in the shell syntax may also break concatenation of your entrypoint and cmd together.

The entrypoint documentation does a good job covering the various scenarios and explaining this in more detail.

These following explanation are from the Kubernetes In Action book(chapter 7).

Firstly, They have both two different forms:

• shell form—For example, ENTRYPOINT node app.js

• exec form—For example, ENTRYPOINT ["node","app.js"]

Actually The difference is whether the specified command is invoked inside a shell or not. I want to explain main difference between them with an example, too.

ENTRYPOINT ["node", "app.js"]

This runs the node process directly (not inside a shell), as you can see by listing the processes running inside the container:

$ docker exec 4675d ps x  PID TTY      STAT   TIME    COMMAND1    ?        Ssl    0:00   node app.js   12   ?        Rs     0:00   ps x

ENTRYPOINT node app.js

If you’d used the shell form (ENTRYPOINT node app.js), these would have been the container’s processes:

$ docker exec -it e4bad ps x  PID TTY      STAT   TIME    COMMAND    1    ?        Ss     0:00   /bin/sh -c node app.js7    ?        Sl     0:00   node app.js   13   ?        Rs+    0:00   ps x

As you can see, in that case, the main process (PID 1) would be the shell process instead of the node process. The node process (PID 7) would be started from that shell. The shell process is unnecessary, which is why you should always use the exec form of the ENTRYPOINT instruction.