kite container

Manage ephemeral containers. Containers provide isolated code execution environments with gVisor security.

Aliases: cont, c

create

Create a new container.

kite container create <name> [flags]

Flag	Description	Default
--language, -l	Programming language	python
--cpu	CPU in millicores	500
--memory	Memory in MB	512
--internet	Enable internet access	false
--ports	Ports to expose

kite container create runner -l python
kite container create api-test -l node --memory 1024 --internet

list

List containers.

kite container list [--all]

Flag	Description
--all, -a	Show all containers (including stopped)

get

Get container details.

kite container get <name-or-id>

start / stop

kite container start <name-or-id>
kite container stop <name-or-id>

exec

Execute code in a container.

kite container exec <name-or-id> <code> [flags]

Flag	Description	Default
--timeout, -t	Execution timeout in seconds	30

kite container exec runner "print('hello world')"

shell

Open an interactive shell in a container.

kite container shell <name-or-id>

Port Management

expose-port

Expose a port from the container.

kite container expose-port <name-or-id> <port> [--subdomain <name>]

Flag	Description
--subdomain	Custom subdomain

unexpose-port

Remove an exposed port.

kite container unexpose-port <name-or-id> <port>

delete

Delete a container.

kite container delete <name-or-id> [--yes]

Security Model

Containers run with the following isolation:

Layer	Mechanism
Isolation	gVisor userspace kernel
Networking	Disabled by default
Capabilities	All dropped (--cap-drop=ALL)
Privileges	No escalation (no-new-privileges)
Resources	CPU and memory limits via cgroups
User	Non-root (UID 1001)