apiVersion: v1
kind: Pod
metadata:
  name: lmstudio
  annotations:
    run.oci.keep_original_groups: "1"
    cdi.k8s.io/DeviceName.0: "podman.io/device=/dev/kfd"
    cdi.k8s.io/DeviceName.1: "podman.io/device=/dev/dri"
spec:
  hostNetwork: false
  containers:
  # lmstudio container
  - name: lmstudio
    #image: localhost/lm-studio-fedora:xspice
    image: localhost/lm-studio-debian:latest
    hostname: lmstudio
    network: podman
    env:
      - name: TZ
        value: "Europe/Berlin"
    ports:
      - containerPort: 1234
        hostPort: 1234
      - containerPort: 5900
        hostPort: 5900
    volumeMounts:
      - name: lmstudio-data
        mountPath: /root/.lmstudio
      - name: lmstudio-config-pvc
        mountPath: /root/.config
      - name: dev-dri
        mountPath: /dev/dri
      - name: dev-kfd
        mountPath: /dev/kfd
    securityContext:
      capabilities:
        add:
          - SYS_ADMIN

  # Open WebUI container
  - name: open-webui
    image: ghcr.io/open-webui/open-webui:main
    hostname: webui
    network: podman
    env:
      - name: TZ
        value: "Europe/Berlin"
    ports:
      - containerPort: 8080
        hostPort: 8888
    volumeMounts:
      - name: open-webui-pvc
        mountPath: /app/backend/data
    securityContext:
      capabilities:
        add:
          - SYS_ADMIN

  volumes:
    # Persistent volumes
    - name: open-webui-pvc
      persistentVolumeClaim:
        claimName: open-webui

    # HostPath devices for GPU access
    - name: lmstudio-data
      hostPath:
        path: /home/do/.lmstudio
        type: Directory
    - name: lmstudio-config-pvc
      persistentVolumeClaim:
        claimName: lmstudio-config
    - name: dev-dri
      hostPath:
        path: /dev/dri
        type: Directory
    - name: dev-kfd
      hostPath:
        path: /dev/kfd
        type: CharDevice