Plan: Kubernetes-native subprocess + pod-exec worker hosts (#291)

[ealt]

What this is

Plan for #291 (plan stage only — no implementation). Adds docs/plans/eden-phase-13f-k8s-worker-modes.md, the chunk plan for bringing user-supplied *_command worker modes to the Helm/Kubernetes substrate: the merged 13a chart runs scripted-mode reference workers only, so today "infra validates on EKS" but real experiments can't run there.

What the plan resolves

• Subprocess mode in-pod (all three roles): operator experiment image FROM eden-reference, emptyDir worktrees, per-role workers.<role>.mode values, repeatable --*-env-file plumbing.
• Pod-exec mode (executor + evaluator; the k8s-native analog of Compose's docker-exec — no docker socket exists on containerd clusters): per-task batch/v1 Jobs with init/user/reporter-publisher container trust split, quarantine-fetch + three-outcome push read-back ladder, ownerReference + reaper + claim-expiry lifecycle, opt-in namespace-scoped RBAC (zero RBAC objects rendered by default), absolute outcome deadline, automountServiceAccountToken: false task pods.
• 13b/Phase 13b — Executor as a k8s Job (GPU node selection) #172 subsumption: the per-task-Job substrate and GPU scheduling pass-through values land in 13f; the 13b plan gets a superseded banner (archive move rides 13f's final wave), the roadmap 13b line is re-pointed, and Phase 13b — Executor as a k8s Job (GPU node selection) #172 closes when the pod-exec wave ships. Chunk id 13f because 13a–13e are allocated and this scope is broader than 13b's slot.
• Cross-service artifact serving on Kubernetes (RWX / blob backend) #285/Wire-level artifact upload endpoint (POST/GET /v0/experiments/<id>/artifacts) for distributed deployments #166/Migrate artifact writers to wire deposit + retire the file:// read path (#166 Wave 3 cutover) #290 reconciliation: shared artifacts PVC interim (RWX on multi-node; EFS on EKS) until the Migrate artifact writers to wire deposit + retire the file:// read path (#166 Wave 3 cutover) #290 wire-artifact cutover retires it.
• Bundled host-code changes the substrate forces: subprocess env isolation (spawn() currently inherits the host's full os.environ, and the chart injects every deployment secret via envFrom — user code would receive EDEN_ADMIN_TOKEN), claim expires_at plumbing (--claim-ttl-seconds), startup/wrapper experiment-dir checks.
• CI story: helm-smoke-subprocess + helm-smoke-pod-exec kind smokes with concrete assertions, plus helm-lint render-matrix extensions.

Review

Plan-stage codex-review (plan profile), 4 rounds to convergence; record committed under docs/plans/review/eden-phase-13f-k8s-worker-modes/20260611T150217/. Round 0–3 caught: Forgejo-credential exposure in the 13b wrapper-push design (fixed via publisher container), missing push read-back ladder, missing claim expiry, hostile-clone trust root (fixed via quarantine fetch), task-pod SA tokens, evaluator sentinel robustness (fixed via reporter container), and the absolute deadline.

What this does NOT cover

• Any implementation — that's the 13f impl chunk, executed against this plan (waves 1–5 in §9).
• The physical move of the superseded 13b plan to docs/archive/ (rides 13f's final docs wave; banner added now).
• Closing Phase 13b — Executor as a k8s Job (GPU node selection) #172 (closes at pod-exec-wave merge per the plan; a pointer comment lands on it at plan-merge).
• The §11 deferral candidates (per-experiment GPU overrides, podFailurePolicy, static wrapper binary, sentinel nonce + per-task credential Secret, shallow clone, NetworkPolicy, hardened isolation, branch protection) — each named in the plan with issue-filing intent at the wave that makes it real, per the deferral-tracking rule.

Validation

markdownlint (pinned CI version, full sweep) ✓ · scripts/check-rename-discipline.py ✓ · scripts/spec-xref-check.py ✓. Docs-only change; no code paths touched.

Plan for #291 — does NOT close it.

🤖 Generated with Claude Code