(Isolated) Container (and Pod) Support

[guvenc]

Summary

This work item focuses on enhancing FeOS with foundational support for containerized workloads, efficient image management, and system observability.

Key deliverables include using OverlayFS for image layering, introducing support for multi-container pods, and enabling isolated container execution.

---

Scope

✅ In Scope

• Use OverlayFS for container/image layers
• Introduce a Pod abstraction for managing groups of containers
• Implement isolated container runtime support

❌ Out of Scope

• Advanced pod networking (e.g., CNI integration)
• Persistent volume support for pods/containers
• Detailed per-container resource monitoring
• Full Kubernetes CRI compliance

---

Responsible Areas

• FeOS Runtime

---

Contributors

• @guvenc 
• @MalteJ 

---

Acceptance Criteria

• Storage & Images

  - [ ] OverlayFS is implemented and used for layering container images.
  - [ ] Images can be mounted read-only with a read-write overlay created for running containers.

• Container & Pod Management

  - [ ] A Pod specification/model is defined and can be submitted to FeOS.
  - [ ] FeOS can launch, manage the lifecycle, and stop a simple multi-container pod.
  - [ ] Containers are launched with basic isolation from the host (e.g., PID, mount namespaces).

---

Action Items

• Design and implement OverlayFS driver for image management.
• Define the Pod data model and API for the FeOS runtime.
• Implement pod lifecycle management (create, start, stop) in the FeOS runtime.
• Implement container isolation mechanisms (e.g., namespaces).
• Add unit and integration tests for OverlayFS and Pod management.