Container lifecycle

kcore supports running OCI containers alongside VMs. Container support uses nerdctl (preferred) or docker as the runtime backend.

Container support is in early phase. Treat it as an operator workflow for labs and controlled environments, not a full orchestration platform.

Create a container (direct node API)

Send a container creation request directly to a specific node agent:

kctl --node <IP>:9091 create container my-app \
  --image nginx:latest \
  --network default \
  --port 8080:80 \
  --env MY_VAR=hello

kind: Container
metadata:
  name: my-app
spec:
  image: nginx:latest
  network: default
  ports:
    - "8080:80"
  env:
    MY_VAR: hello

Apply: kctl apply -f container.yaml

Controller workload API

Alternatively, create a container workload through the controller:

kctl workload create my-app \
  --kind container \
  --image nginx:latest \
  --network default \
  --target-node <NODE_ID>

kind: Container
metadata:
  name: my-app
spec:
  image: nginx:latest
  network: default
  ports:
    - "8080:80"
  env:
    MY_VAR: hello

kctl apply -f container.yaml routes through the controller, which handles scheduling and pushes the desired configuration to the target node.

The direct node path (--node) sends the request straight to the node agent. The workload path goes through the controller, which handles scheduling, records the workload in its state, and pushes the desired configuration to the target node.

Lifecycle operations

Operation	Command
Start	`kctl start container <name>`
Stop	`kctl stop container <name>`
Delete	`kctl delete container <name>`
Get	`kctl get container <name>`
List	`kctl get containers`

Container spec options

Flag	Description
`--image`	OCI image reference (e.g. `nginx:latest`)
`--network`	Bridge name to attach the container to
`--port`	Port mapping in `host:container` format
`--env`	Environment variable in `KEY=VALUE` format
`--cmd`	Override the image entrypoint command

Storage

Containers can optionally mount a volume at /data. When using the controller workload path, specify the storage backend and size:

kctl workload create my-app \
  --kind container \
  --image nginx:latest \
  --network default \
  --target-node <NODE_ID> \
  --storage-backend local \
  --storage-size-bytes 10737418240

Container storage fields are not yet exposed in the YAML manifest format. Use the CLI to attach storage to containers.

Current limitations

Runtime is a nerdctl/docker CLI wrapper, not a native containerd gRPC integration.
No pause, exec, or logs operations are supported yet.
Image pull is not exposed as a separate operation; images are pulled on container creation.
This is Phase 1 scope — expect the API surface to evolve.