WIP

redxen/dovecot/deployment.yml

@@ -0,0 +1,93 @@
+# yaml-language-server: $schema=https://kubernetesjsonschema.dev/master/deployment-apps-v1.json
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  namespace: redxen
+  labels:
+    app: dovecot
+  name: dovecot-dp
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: dovecot
+  template:
+    metadata:
+      namespace: redxen
+      labels:
+        app: dovecot
+    spec:
+      hostUsers: false
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
+        runAsNonRoot: true
+        runAsUser: 10000
+        runAsGroup: 10000
+      initContainers:
+        - name: volume-permissions
+          image: busybox
+          command: ["chown", "-c", "10000:10000", "/var/mail", "/run/dovecot", "/var/lib/dovecot"]
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            capabilities:
+              drop: ["SETPCAP", "MKNOD", "AUDIT_WRITE", "NET_RAW", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE", "SYS_CHROOT", "SETFCAP"]
+            runAsUser: 0
+            runAsNonRoot: false
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+          volumeMounts:
+            - name: mail-storage
+              mountPath: /var/mail
+            - name: dovecot-storage
+              mountPath: /var/lib/dovecot
+            - name: tmpfs-run
+              mountPath: /run/dovecot
+        - name: directories
+          image: busybox
+          command: ["mkdir", "-vp", "/run/dovecot/login"]
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            capabilities:
+              drop: ["ALL"]
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+          volumeMounts:
+            - name: tmpfs-run
+              mountPath: /run/dovecot
+      containers:
+        - name: dovecot
+          image: redxen.eu/daemons/dovecot:latest
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            capabilities:
+              drop: ["SETPCAP", "MKNOD", "AUDIT_WRITE", "NET_RAW", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE", "SYS_CHROOT", "SETFCAP"]
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+          volumeMounts:
+            - name: mail-storage
+              mountPath: /var/mail
+            - name: dovecot-storage
+              mountPath: /var/lib/dovecot
+            - name: tmpfs-run
+              mountPath: /run/dovecot
+          ports:
+            - name: imap
+              containerPort: 143
+            - name: lmtp
+              containerPort: 11555
+            - name: auth
+              containerPort: 11666
+      volumes:
+        - name: mail-storage
+          persistentVolumeClaim:
+            claimName: mail-pvc
+            readOnly: false
+        - name: dovecot-storage
+          emptyDir:
+            medium: Memory
+            sizeLimit: 4Mi
+        - name: tmpfs-run
+          emptyDir:
+            medium: Memory
+            sizeLimit: 4Mi

redxen/dovecot/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - deployment.yml
+  - persistentvolume.yml
+  - persistentvolumeclaim.yml
+  - service.yml

redxen/dovecot/persistentvolume.yml

@@ -0,0 +1,28 @@
+# yaml-language-server: $schema=https://kubernetesjsonschema.dev/master/persistentvolume-v1.json
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  namespace: redxen
+  name: mail-pv
+spec:
+  storageClassName: local-storage
+  claimRef:
+    namespace: redxen
+    name: mail-pvc
+  capacity:
+    storage: 1Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  #persistentVolumeReclaimPolicy: Retain
+  hostPath:
+    path: /var/lib/mail
+    type: DirectoryOrCreate
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - bournemouth.united-kingdom

redxen/dovecot/persistentvolumeclaim.yml

@@ -0,0 +1,15 @@
+# yaml-language-server: $schema=https://kubernetesjsonschema.dev/master/persistentvolumeclaim-v1.json
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  namespace: redxen
+  name: mail-pvc
+spec:
+  volumeName: mail-pv
+  storageClassName: local-storage
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi

redxen/dovecot/service.yml

@@ -0,0 +1,22 @@
+# yaml-language-server: $schema=https://kubernetesjsonschema.dev/master/service-v1.json
+kind: Service
+apiVersion: v1
+metadata:
+  namespace: redxen
+  labels:
+    app: dovecot
+  name: dovecot-sv
+spec:
+  selector:
+    app: dovecot
+  type: ClusterIP
+  ports:
+    - name: imap
+      port: 143
+      protocol: TCP
+    - name: lmtp
+      port: 11555
+      protocol: TCP
+    - name: auth
+      port: 11666
+      protocol: TCP

redxen/gitea/deployment.yml

@@ -58,11 +58,11 @@ spec:
               containerPort: 2442
           livenessProbe:
             httpGet:
-              port: http
+              port: 3000
               httpHeaders:
                 - name: "Host"
                   value: "git.redxen.eu"
-              path: /
+              path: /api/healthz
       volumes:
         - name: gitea-storage
           persistentVolumeClaim:

redxen/gitea/persistentvolumeclaim.yml

@@ -7,6 +7,7 @@ metadata:
     app: gitea
   name: gitea-pvc
 spec:
+  volumeName: gitea-pv
   selector:
     matchLabels:
       app: gitea

redxen/grafana/deployment.yml

@@ -52,11 +52,10 @@ spec:
             - name: grafana-storage
               mountPath: /var/lib/grafana
           ports:
-            - name: http
-              containerPort: 3000
+            - containerPort: 3000
           livenessProbe:
             httpGet:
-              port: http
+              port: 3000
               httpHeaders:
                 - name: "Host"
                   value: "stats.redxen.eu"

redxen/grafana/persistentvolumeclaim.yml

@@ -7,6 +7,7 @@ metadata:
     app: grafana
   name: grafana-pvc
 spec:
+  volumeName: grafana-pv
   selector:
     matchLabels:
       app: grafana

redxen/haproxy/daemonset.yml

@@ -39,12 +39,18 @@ spec:
             allowPrivilegeEscalation: false
             readOnlyRootFilesystem: true
           ports:
-            - containerPort: 80
+            - name: http
+              containerPort: 80
               hostPort: 80
               protocol: TCP
-            - containerPort: 443
+            - name: https
+              containerPort: 443
               hostPort: 443
               protocol: TCP
-            - containerPort: 5000
+            - name: registry
+              containerPort: 5000
               hostPort: 5000
               protocol: TCP
+            - name: metrics
+              containerPort: 9100
+              protocol: TCP

redxen/haproxy/kustomization.yaml

@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - daemonset.yml
+  - service.yml

redxen/haproxy/service.yml

@@ -0,0 +1,16 @@
+# yaml-language-server: $schema=https://kubernetesjsonschema.dev/master/service-v1.json
+kind: Service
+apiVersion: v1
+metadata:
+  namespace: redxen
+  labels:
+    app: haproxy
+  name: haproxy-sv
+spec:
+  selector:
+    app: haproxy
+  type: ClusterIP
+  ports:
+    - name: prometheus
+      port: 9100
+      protocol: TCP

redxen/homepage/deployment.yml

@@ -52,11 +52,10 @@ spec:
             - name: tmpfs-run
               mountPath: /run/nginx
           ports:
-            - name: http
-              containerPort: 80
+            - containerPort: 80
           livenessProbe:
             httpGet:
-              port: http
+              port: 80
               httpHeaders: 
                 - name: "Host"
                   value: "redxen.eu"

redxen/kustomization.yaml

@@ -13,3 +13,7 @@ resources:
   - redis/
   - registry/
   - nsd/
+  - opendkim/
+  - rspamd/
+  - prometheus/
+  - loki/

redxen/loki/deployment.yml

@@ -0,0 +1,68 @@
+# yaml-language-server: $schema=https://kubernetesjsonschema.dev/master/deployment-apps-v1.json
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  namespace: redxen
+  labels:
+    app: loki
+  name: loki-dp
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: loki
+  template:
+    metadata:
+      namespace: redxen
+      labels:
+        app: loki
+    spec:
+      hostUsers: false
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
+        runAsNonRoot: true
+        runAsUser: 10000
+        runAsGroup: 10000
+      initContainers:
+        - name: volume-permissions
+          image: busybox
+          command: ["chown", "-c", "10000:10000", "/var/lib/loki"]
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            capabilities:
+              drop: ["SETPCAP", "MKNOD", "AUDIT_WRITE", "NET_RAW", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE", "SYS_CHROOT", "SETFCAP"]
+            runAsUser: 0
+            runAsNonRoot: false
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+          volumeMounts:
+            - name: loki-storage
+              mountPath: /var/lib/loki
+      containers:
+        - name: loki
+          image: redxen.eu/daemons/loki:latest
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            capabilities:
+              drop: ["ALL"]
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+          volumeMounts:
+            - name: loki-storage
+              mountPath: /var/lib/loki
+          ports:
+            - containerPort: 3100
+          readinessProbe:
+            httpGet:
+              port: 3100
+              path: /ready
+          livenessProbe:
+            httpGet:
+              port: 3100
+              path: /ready
+      volumes:
+        - name: loki-storage
+          persistentVolumeClaim:
+            claimName: loki-pvc
+            readOnly: false

redxen/loki/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - deployment.yml
+  - persistentvolume.yml
+  - persistentvolumeclaim.yml
+  - service.yml

redxen/loki/persistentvolume.yml

@@ -0,0 +1,30 @@
+# yaml-language-server: $schema=https://kubernetesjsonschema.dev/master/persistentvolume-v1.json
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  namespace: redxen
+  labels:
+    app: loki
+  name: loki-pv
+spec:
+  storageClassName: local-storage
+  claimRef:
+    namespace: redxen
+    name: loki-pvc
+  capacity:
+    storage: 1Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  #persistentVolumeReclaimPolicy: Retain
+  hostPath:
+    path: /var/lib/loki
+    type: DirectoryOrCreate
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - bournemouth.united-kingdom

redxen/loki/persistentvolumeclaim.yml

@@ -0,0 +1,20 @@
+# yaml-language-server: $schema=https://kubernetesjsonschema.dev/master/persistentvolumeclaim-v1.json
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  namespace: redxen
+  labels:
+    app: loki
+  name: loki-pvc
+spec:
+  volumeName: loki-pv
+  selector:
+    matchLabels:
+      app: loki
+  storageClassName: local-storage
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi

redxen/loki/service.yml

@@ -0,0 +1,16 @@
+# yaml-language-server: $schema=https://kubernetesjsonschema.dev/master/service-v1.json
+kind: Service
+apiVersion: v1
+metadata:
+  namespace: redxen
+  labels:
+    app: loki
+  name: loki-sv
+spec:
+  selector:
+    app: loki
+  type: ClusterIP
+  ports:
+    - name: http
+      port: 3100
+      protocol: TCP

redxen/murmur/deployment.yml

@@ -44,4 +44,4 @@ spec:
               protocol: UDP
           livenessProbe:
             tcpSocket:
-              port: murmur-tcp
+              port: 64738

redxen/node_exporter/daemonset.yml

@@ -40,13 +40,18 @@ spec:
             allowPrivilegeEscalation: false
             readOnlyRootFilesystem: true
           ports:
-            - containerPort: 9100
+            - name: http
+              containerPort: 9100
               hostPort: 9100
               protocol: TCP
           volumeMounts:
             - name: host-ro
               readOnly: true
               mountPath: /host
+          livenessProbe:
+            httpGet:
+              port: 9100
+              path: /metrics
       volumes:
         - name: host-ro
           hostPath:

redxen/node_exporter/kustomization.yaml

@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - daemonset.yml
+  - service.yml

redxen/node_exporter/service.yml

@@ -0,0 +1,16 @@
+# yaml-language-server: $schema=https://kubernetesjsonschema.dev/master/service-v1.json
+kind: Service
+apiVersion: v1
+metadata:
+  namespace: redxen
+  labels:
+    app: node-exporter
+  name: node-exporter-sv
+spec:
+  selector:
+    app: node-exporter
+  type: ClusterIP
+  ports:
+    - name: http
+      port: 9100
+      protocol: TCP

redxen/nsd/deployment.yml

@@ -10,7 +10,7 @@ spec:
   selector:
     matchLabels:
       app: nsd
-  replicas: 3
+  replicas: 2
   template:
     metadata:
       namespace: redxen

redxen/opendkim/deployment.yml

@@ -0,0 +1,37 @@
+# yaml-language-server: $schema=https://kubernetesjsonschema.dev/master/deployment-apps-v1.json
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  namespace: redxen
+  labels:
+    app: opendkim
+  name: opendkim-dp
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: opendkim
+  template:
+    metadata:
+      namespace: redxen
+      labels:
+        app: opendkim
+    spec:
+      hostUsers: false
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
+        runAsNonRoot: true
+        runAsUser: 10000
+        runAsGroup: 10000
+      containers:
+        - name: opendkim
+          image: redxen.eu/daemons/opendkim:latest
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            capabilities:
+              drop: ["ALL"]
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+          ports:
+            - containerPort: 8891

redxen/opendkim/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - deployment.yml
+  - service.yml

redxen/opendkim/service.yml

@@ -0,0 +1,16 @@
+# yaml-language-server: $schema=https://kubernetesjsonschema.dev/master/service-v1.json
+kind: Service
+apiVersion: v1
+metadata:
+  namespace: redxen
+  labels:
+    app: opendkim
+  name: opendkim-sv
+spec:
+  selector:
+    app: opendkim
+  type: ClusterIP
+  ports:
+    - name: opendkim
+      port: 8891
+      protocol: TCP

redxen/postgresql/persistentvolumeclaim.yml

@@ -7,6 +7,7 @@ metadata:
     app: postgresql
   name: postgresql-pvc
 spec:
+  volumeName: postgresql-pv
   selector:
     matchLabels:
       app: postgresql

redxen/prometheus/deployment.yml

@@ -0,0 +1,64 @@
+# yaml-language-server: $schema=https://kubernetesjsonschema.dev/master/deployment-apps-v1.json
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  namespace: redxen
+  labels:
+    app: prometheus
+  name: prometheus-dp
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: prometheus
+  template:
+    metadata:
+      namespace: redxen
+      labels:
+        app: prometheus
+    spec:
+      hostUsers: false
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
+        runAsNonRoot: true
+        runAsUser: 10000
+        runAsGroup: 10000
+      initContainers:
+        - name: volume-permissions
+          image: busybox
+          command: ["chown", "-c", "10000:10000", "/var/lib/prometheus"]
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            capabilities:
+              drop: ["SETPCAP", "MKNOD", "AUDIT_WRITE", "NET_RAW", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE", "SYS_CHROOT", "SETFCAP"]
+            runAsUser: 0
+            runAsNonRoot: false
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+          volumeMounts:
+            - name: prometheus-storage
+              mountPath: /var/lib/prometheus
+      containers:
+        - name: prometheus
+          image: redxen.eu/daemons/prometheus:latest
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            capabilities:
+              drop: ["ALL"]
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+          volumeMounts:
+            - name: prometheus-storage
+              mountPath: /var/lib/prometheus
+          ports:
+            - containerPort: 9090
+          livenessProbe:
+            httpGet:
+              port: 9090
+              path: /
+      volumes:
+        - name: prometheus-storage
+          persistentVolumeClaim:
+            claimName: prometheus-pvc
+            readOnly: false

redxen/prometheus/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - deployment.yml
+  - persistentvolume.yml
+  - persistentvolumeclaim.yml
+  - service.yml

redxen/prometheus/persistentvolume.yml

@@ -0,0 +1,30 @@
+# yaml-language-server: $schema=https://kubernetesjsonschema.dev/master/persistentvolume-v1.json
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  namespace: redxen
+  labels:
+    app: prometheus
+  name: prometheus-pv
+spec:
+  storageClassName: local-storage
+  claimRef:
+    namespace: redxen
+    name: prometheus-pvc
+  capacity:
+    storage: 1Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  #persistentVolumeReclaimPolicy: Retain
+  hostPath:
+    path: /var/lib/prometheus
+    type: DirectoryOrCreate
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - bournemouth.united-kingdom

redxen/prometheus/persistentvolumeclaim.yml

@@ -0,0 +1,20 @@
+# yaml-language-server: $schema=https://kubernetesjsonschema.dev/master/persistentvolumeclaim-v1.json
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  namespace: redxen
+  labels:
+    app: prometheus
+  name: prometheus-pvc
+spec:
+  volumeName: prometheus-pv
+  selector:
+    matchLabels:
+      app: prometheus
+  storageClassName: local-storage
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi

redxen/prometheus/service.yml

@@ -0,0 +1,16 @@
+# yaml-language-server: $schema=https://kubernetesjsonschema.dev/master/service-v1.json
+kind: Service
+apiVersion: v1
+metadata:
+  namespace: redxen
+  labels:
+    app: prometheus
+  name: prometheus-sv
+spec:
+  selector:
+    app: prometheus
+  type: ClusterIP
+  ports:
+    - name: http
+      port: 9090
+      protocol: TCP

redxen/redis/persistentvolumeclaim.yml

@@ -7,6 +7,7 @@ metadata:
     app: redis
   name: redis-pvc
 spec:
+  volumeName: redis-pv
   selector:
     matchLabels:
       app: redis

redxen/registry/persistentvolumeclaim.yml

@@ -7,6 +7,7 @@ metadata:
     app: registry
   name: registry-pvc
 spec:
+  volumeName: registry-pv
   selector:
     matchLabels:
       app: registry

redxen/rspamd/deployment.yml

@@ -0,0 +1,63 @@
+# yaml-language-server: $schema=https://kubernetesjsonschema.dev/master/deployment-apps-v1.json
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  namespace: redxen
+  labels:
+    app: rspamd
+  name: rspamd-dp
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: rspamd
+  template:
+    metadata:
+      namespace: redxen
+      labels:
+        app: rspamd
+    spec:
+      hostUsers: false
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
+        runAsNonRoot: true
+        runAsUser: 10000
+        runAsGroup: 10000
+      initContainers:
+        - name: volume-permissions
+          image: busybox
+          command: ["chown", "-c", "10000:10000", "/var/lib/rspamd"]
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            capabilities:
+              drop: ["SETPCAP", "MKNOD", "AUDIT_WRITE", "NET_RAW", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE", "SYS_CHROOT", "SETFCAP"]
+            runAsUser: 0
+            runAsNonRoot: false
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+          volumeMounts:
+            - name: rspamd-data
+              mountPath: /var/lib/rspamd
+      containers:
+        - name: rspamd
+          image: redxen.eu/daemons/rspamd:latest
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            capabilities:
+              drop: ["ALL"]
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+          volumeMounts:
+            - name: rspamd-data
+              mountPath: /var/lib/rspamd
+          ports:
+            - containerPort: 7510
+            - containerPort: 7511
+            - containerPort: 7512
+            - containerPort: 7513
+      volumes:
+        - name: rspamd-data
+          emptyDir:
+            medium: Memory
+            sizeLimit: 128Mi

redxen/rspamd/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - deployment.yml
+  - service.yml

redxen/rspamd/service.yml

@@ -0,0 +1,25 @@
+# yaml-language-server: $schema=https://kubernetesjsonschema.dev/master/service-v1.json
+kind: Service
+apiVersion: v1
+metadata:
+  namespace: redxen
+  labels:
+    app: rspamd
+  name: rspamd-sv
+spec:
+  selector:
+    app: rspamd
+  type: ClusterIP
+  ports:
+    - name: normal
+      port: 7511
+      protocol: TCP
+    - name: controller
+      port: 7512
+      protocol: TCP
+    - name: proxy
+      port: 7510
+      protocol: TCP
+    - name: fuzzy
+      port: 7513
+      protocol: TCP