From 9a6f8de8e10524a3bf26ade29c84a32a81768557 Mon Sep 17 00:00:00 2001
From: Hector Ros <hectorros@Mac.localdomain>
Date: Tue, 20 Jan 2026 17:22:03 +0100
Subject: [PATCH] Add StatefulSet for agents + update backend submodule

- Create StatefulSet YAML with volumeClaimTemplates for persistent workspaces
- Configure headless service for pod-to-pod terminal access
- Update backend submodule with multi-user auth and agent management

Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
---
 backend                     |  2 +-
 k8s/agents/statefulset.yaml | 80 +++++++++++++++++++++++++++++++++++++
 2 files changed, 81 insertions(+), 1 deletion(-)
 create mode 100644 k8s/agents/statefulset.yaml

diff --git a/backend b/backend
index 08e6f66..8382f66 160000
--- a/backend
+++ b/backend
@@ -1 +1 @@
-Subproject commit 08e6f66c7dc7287b57297eb2dc9ee82b9b3c1489
+Subproject commit 8382f6645ed496d26ca55b6d8517be6b5eeeb53c
diff --git a/k8s/agents/statefulset.yaml b/k8s/agents/statefulset.yaml
new file mode 100644
index 0000000..d600f00
--- /dev/null
+++ b/k8s/agents/statefulset.yaml
@@ -0,0 +1,80 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: claude-agent
+  namespace: agents
+spec:
+  clusterIP: None  # Headless service for StatefulSet
+  selector:
+    app: claude-agent
+  ports:
+  - name: terminal
+    port: 7681
+    targetPort: 7681
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: claude-agent
+  namespace: agents
+spec:
+  serviceName: claude-agent
+  replicas: 0  # Will be scaled dynamically via API
+  selector:
+    matchLabels:
+      app: claude-agent
+  template:
+    metadata:
+      labels:
+        app: claude-agent
+    spec:
+      serviceAccountName: agent-sa
+      imagePullSecrets:
+      - name: gitea-registry
+      containers:
+      - name: agent
+        image: git.fuq.tv/admin/aiworker-agent:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 7681
+          name: terminal
+        env:
+        - name: BACKEND_URL
+          value: "https://api.fuq.tv"
+        - name: MCP_ENDPOINT
+          value: "https://api.fuq.tv/api/mcp"
+        - name: GITEA_URL
+          value: "https://git.fuq.tv"
+        - name: GITEA_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: agent-secrets
+              key: gitea-token
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        # USER_ID will be injected by backend when creating agents dynamically
+        resources:
+          requests:
+            cpu: 500m
+            memory: 1Gi
+          limits:
+            cpu: 2000m
+            memory: 4Gi
+        volumeMounts:
+        - name: workspace
+          mountPath: /workspace
+  volumeClaimTemplates:
+  - metadata:
+      name: workspace
+    spec:
+      accessModes: ["ReadWriteOnce"]
+      storageClassName: longhorn
+      resources:
+        requests:
+          storage: 10Gi