diff --git a/open-webui/open-webui-deployment.yml b/open-webui/open-webui-deployment.yml
new file mode 100644
index 0000000..b09f677
--- /dev/null
+++ b/open-webui/open-webui-deployment.yml
@@ -0,0 +1,49 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: open-webui
+  namespace: default
+  labels:
+    app: open-webui
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: open-webui
+  template:
+    metadata:
+      labels:
+        app: open-webui
+    spec:
+      nodeSelector:
+        kubernetes.io/hostname: mist
+      containers:
+        - name: open-webui
+          image: ghcr.io/open-webui/open-webui:main
+          ports:
+            - name: http
+              containerPort: 8080
+          env:
+            - name: OLLAMA_BASE_URL
+              value: "https://ollama.juntekim.com"
+            - name: ENABLE_SIGNUP
+              value: "true"
+            - name: DEFAULT_MODELS
+              value: ""
+            - name: DEFAULT_USER_ROLE
+              value: "user"
+          resources:
+            requests:
+              memory: "512Mi"
+              cpu: "250m"
+            limits:
+              memory: "2Gi"
+              cpu: "1000m"
+          volumeMounts:
+            - name: open-webui-data
+              mountPath: /app/backend/data
+      volumes:
+        - name: open-webui-data
+          persistentVolumeClaim:
+            claimName: open-webui-data-pvc
diff --git a/open-webui/open-webui-ingressroute.yml b/open-webui/open-webui-ingressroute.yml
new file mode 100644
index 0000000..08fe823
--- /dev/null
+++ b/open-webui/open-webui-ingressroute.yml
@@ -0,0 +1,19 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: open-webui
+  namespace: default
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`chatgpt.juntekim.com`)
+      kind: Rule
+      services:
+        - name: open-webui
+          port: 80
+  tls:
+    certResolver: myresolver
+    domains:
+      - main: chatgpt.juntekim.com
diff --git a/open-webui/open-webui-pv.yml b/open-webui/open-webui-pv.yml
new file mode 100644
index 0000000..0808e2d
--- /dev/null
+++ b/open-webui/open-webui-pv.yml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: open-webui-data-pv
+spec:
+  capacity:
+    storage: 2Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: local-path
+  local:
+    path: /home/kimjunte/open-ai
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - mist
diff --git a/open-webui/open-webui-pvc.yml b/open-webui/open-webui-pvc.yml
new file mode 100644
index 0000000..d376857
--- /dev/null
+++ b/open-webui/open-webui-pvc.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: open-webui-data-pvc
+  namespace: default
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 2Gi
+  storageClassName: local-path
diff --git a/open-webui/open-webui-service.yml b/open-webui/open-webui-service.yml
new file mode 100644
index 0000000..86ceaff
--- /dev/null
+++ b/open-webui/open-webui-service.yml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: open-webui
+  namespace: default
+spec:
+  type: ClusterIP
+  ports:
+    - protocol: TCP
+      name: http
+      port: 80
+      targetPort: 8080
+  selector:
+    app: open-webui
diff --git a/traefik/edge-router/traefik-deployment.yml b/traefik/edge-router/traefik-deployment.yml
index 059fab4..c93e7bf 100644
--- a/traefik/edge-router/traefik-deployment.yml
+++ b/traefik/edge-router/traefik-deployment.yml
@@ -14,6 +14,8 @@ spec:
         app: traefik
     spec:
       serviceAccountName: traefik-ingress-controller
+      nodeSelector:
+        kubernetes.io/hostname: mist
       volumes:
         - name: acme
           persistentVolumeClaim:
@@ -36,24 +38,13 @@ spec:
             - "--api.insecure=true"
             - "--entrypoints.web.address=:80"
             - "--entrypoints.websecure.address=:443"
-
-            # Redirect HTTP → HTTPS
             - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
             - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
-
-            # Providers
             - "--providers.kubernetescrd=true"
             - "--providers.kubernetescrd.allowCrossNamespace=true"
-
-
-            # TLS + ACME
             - "--certificatesresolvers.myresolver.acme.email=junte.kim@mealcraft.com"
             - "--certificatesresolvers.myresolver.acme.storage=/acme/acme.json"
             - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=route53"
-
-            # STAGING (uncomment for first-time)  
-            # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
-
           env:
             - name: AWS_REGION
               valueFrom:
@@ -69,4 +60,4 @@ spec:
               valueFrom:
                 secretKeyRef:
                   name: aws-secrets
-                  key: AWS_SECRET_ACCESS_KEY
+                  key: AWS_SECRET_ACCESS_KEY
\ No newline at end of file