Onboard the etersoft cluster

2024-10-11 20:00:57 +02:00 · 2024-10-11 20:00:57 +02:00 · 205113bafd
commit 205113bafd
parent a3d8a0e93c
12 changed files with 195 additions and 173 deletions
--- a/common/environments.yaml
+++ b/common/environments.yaml
@ -8,6 +8,10 @@ environments:
          enabled: true
      - backups:
          enabled: false
+      - localpath:
+          enabled: false
+      - openebs:
+          enabled: true
  etersoft:
    kubeContext: etersoft
    values:
@ -19,3 +23,5 @@ environments:
          enabled: true
      - openebs:
          enabled: false
+      - localpath:
+          enabled: true
--- a/installations/applications/helmfile-badhouseplants.yaml
+++ b/installations/applications/helmfile-badhouseplants.yaml
--- a/installations/applications/helmfile-etersoft.yaml
+++ b/installations/applications/helmfile-etersoft.yaml
@ -0,0 +1,26 @@
+bases:
+  - ../../common/environments.yaml
+  - ../../common/templates.yaml
+repositories:
+  - name: allangers-charts
+    url: ghcr.io/allanger/allangers-charts
+    oci: true
+  - name: gabe565
+    url: ghcr.io/gabe565/charts
+    oci: true
+releases:
+  - name: openvpn
+    chart: allangers-charts/openvpn
+    version: 0.0.2
+    namespace: applications
+    inherit:
+      - template: default-env-values
+      - template: ext-tcp-routes
+  - name: qbittorrent
+    chart: gabe565/qbittorrent
+    version: 0.3.7
+    namespace: applications
+    inherit:
+      - template: default-env-values
+      - template: ext-secret
+      - template: ext-traefik-middleware
--- a/installations/platform/helmfile.yaml
+++ b/installations/platform/helmfile.yaml
@ -66,6 +66,7 @@ releases:
    version: 2024.8.3
    namespace: platform
    createNamespace: false
+    condition: workload.enabled
    needs:
      - platform/db-operator
    inherit:
@ -82,12 +83,14 @@ releases:
  - name: kyverno
    chart: kyverno/kyverno
    namespace: kyverno
+    condition: workload.enabled
    labels:
      bootstrap: true
    version: 3.2.7
  - name: kyverno-policies
    chart: kyverno/kyverno-policies
    namespace: kyverno
+    condition: workload.enabled
    labels:
      bootstrap: true
    version: 3.2.6
@ -96,6 +99,7 @@ releases:
  - name: custom-kyverno-policies
    chart: ../../kustomizations/kyverno/
    namespace: kyverno
+    condition: workload.enabled
    labels:
      bootstrap: true
    needs:
--- a/installations/system/helmfile.yaml
+++ b/installations/system/helmfile.yaml
@ -24,6 +24,8 @@ repositories:
    url: https://vmware-tanzu.github.io/helm-charts/
  - name: openebs
    url: https://openebs.github.io/openebs
+  - name: local-path-provisioner
+    url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master
 releases:
  - name: namespaces
    chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart'
@ -131,3 +133,12 @@ releases:
      - kube-system/cilium
    inherit:
      - template: default-env-values
+  # -- Not versions since it's installed from git
+  - name: local-path-provisioner
+    chart: local-path-provisioner/local-path-provisioner
+    condition: localpath.enabled
+    namespace: kube-system
+    needs:
+      - kube-system/cilium
+    inherit:
+      - template: default-env-values
--- a/manifests/debug.yaml
+++ b/manifests/debug.yaml
@ -1,11 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  labels:
-    app.kubernetes.io/instance: server-xray-public
-    app.kubernetes.io/name: server-xray
  name: debug
-  namespace: public-xray
 spec:
  containers:
    - args:
--- a/values/badhouseplants/secrets.velero.yaml
+++ b/values/badhouseplants/secrets.velero.yaml
@ -1,8 +1,8 @@
 credentials:
-  useSecret: ENC[AES256_GCM,data:jaRt6g==,iv:tFJ1xXlSvzdmGk32IxNoygKkOTYg1uhWiTQ+Fb4vxho=,tag:w7eY7ByCOnR2yx5hnoeL7Q==,type:bool]
-  name: ENC[AES256_GCM,data:iXPmDVTNHwQKNpUbqjWI,iv:6ykrI3VcYPKInFAPsYl0TzynEdl/PQvCKQp0UCtytXM=,tag:LuTomLPweH/e5Ubr4O8LOw==,type:str]
+  useSecret: ENC[AES256_GCM,data:aeEoxA==,iv:OGb9hAy+LJuH2ZPVVAyEkLUXpiqsYat1vFvHfxnnz+k=,tag:DLkOF+a4QWcjiNnDmQsrNg==,type:bool]
+  name: ENC[AES256_GCM,data:f68NZYuDiN4uQUGA6JFl,iv:ugx3j6xxplh9nD/gWo56FfZ7UNB3m2Ta5vXpuvJTOhs=,tag:we/ZrIa6wYicsfhDL2seqQ==,type:str]
  secretContents:
-    data: ENC[AES256_GCM,data:DC9XGNH0Q1PYEs2AesQWsYCIUS8iXWc7UsU+Y6e2Mt04vWFNpPMHxFUgMVHU4X7BChoyW/vXF3EPPORga99Xdf8q4+LprOZ4,iv:+poyt47TO3+lVzkK8L32OJreylYPJlZslBGpnNlO+aE=,tag:5qzH/6FHcIsMI7SKLadSgA==,type:str]
+    data: ENC[AES256_GCM,data:I+of51MXK+TXvGODqqk3xJ4yLFf516Acvr5HjfBJ1RNQKLP8kJ2w/6djOz6iF57WThl12Q3Nj68P8+uC6ZZ8uyS9P/AD5UVeDCeeTF0bSBdDoK0=,iv:+LdjdMyFB8xN61DxD5zEUGFbTJsGX5rRsqtZB+xwJno=,tag:ANV7UaZ839PIh+frj1UGkQ==,type:str]
 sops:
  kms: []
  gcp_kms: []
@ -12,14 +12,14 @@ sops:
    - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
      enc: |
        -----BEGIN AGE ENCRYPTED FILE-----
-        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnZG1RaForN3gwd081UzM5
-        SkZCVVNjVjFMRzRLbmI0VGV3QlZUdk9pT3hJCklsL0dIcDg1d0xsL2tYTlZBNDVY
-        Ykp6THppMERGNm5FTUg5NFgyMkRBN1EKLS0tIE1Uclk0bnZibko1aHI0WXlpSFFQ
-        WjVKZ1RCQzJwM04rYmQ5Q0x5SHJrdjQK/Y3T0XyH6JKG8OXip25W4EJBQlF6obbe
-        GPv/C5IfnquKv4rGwrLxZuIKYBHmHrwmu5fj/5ls9i+Mr4FbaJt9NA==
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhZVREdnRXcm1KSXFXR1Zx
+        VTlNMnFyTy8waDZuVTJ3ckphcFdxQ1pZNEFBCm1TcTlDTWhjMFdnZWN2RXNhN1RH
+        QmNJTWRneko4Ui9IMlExYVJMZlExZ1UKLS0tIDhLcytJY3NJR1g0MTQ3dlNtU2M3
+        dWFFUWt0UnAyTTBxNVVhNGxQY01XWnMKPSBtx7LUUX/hRkCvJHn2d42M8FaNtUPY
+        0hUgS8ySUx7avpijvvBQYxLhGj9qzpMdfEX/4jQzM9Q5E9LviOA63w==
        -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2024-10-11T12:09:20Z"
-  mac: ENC[AES256_GCM,data:o6jRT/fyR25ChKrfWnx5AapVpiPxJYLJy9NbOTv/CBv0iO9/CKTh0HpeHkvkechPuBlQexI06f1bjqXUkKNFefrh/EIS82it0WGHpUwL+UUsh+g0ZfvZ23NvhFvYCUzxG48E+VxXV2Pt3VsqwxczNb4LCCBf6Nv2ljE4T0eezlA=,iv:5Ed9ZjdotnlWLq6cos3zwmvxRdibYPmXifKwj4eiDY0=,tag:Ct9fbr9aLz3jXl16Sk9LaQ==,type:str]
+  lastmodified: "2024-10-11T12:28:10Z"
+  mac: ENC[AES256_GCM,data:f3KDO0lqWydj2RS36Ak3Ml6IixNUvSbwDboFGsg7GDju839xIAJFS1RzoW9As67MBL0YLSh9t9uI0566oPmRr0SEW1/sWQpp0BXA3EQB2jzejnnPRbZnWesFJZL5qNSOGIXmacWXMDzNNAD83mxUsRj2DxfIiKJuI4fKFgmCzCg=,iv:XlFo8+wJtjBaGcM7EW1I1lRTttcijq1u/gE2dX3x2iw=,tag:6kkMBGG8UQy4e7jMcBCBFQ==,type:str]
  pgp: []
  unencrypted_suffix: _unencrypted
-  version: 3.9.0
+  version: 3.9.1
--- a/values/etersoft/secrets.minio.yaml
+++ b/values/etersoft/secrets.minio.yaml
@ -0,0 +1,38 @@
+rootPassword: ENC[AES256_GCM,data:JF0ZjTiuvYzO9Ol7ma268WS/VugWW/2Jaw==,iv:VBxzVeCLB74en8BiybMZHvrB9FIyssrGtDpsaXqCtBQ=,tag:DOhQwg7D+tEqcikrcv88FQ==,type:str]
+users:
+  - accessKey: ENC[AES256_GCM,data:4vsyrmk6clo=,iv:lcDiS+AFB3yAzsrKbfyDQnYuT2twGpd0kC/z7YhpsbQ=,tag:fpBGkAVPNiTrxDCE1pXR3A==,type:str]
+    secretKey: ENC[AES256_GCM,data:3kqn1s4wqGLURlfrhNYMGjaoZAw+HF4rwg==,iv:0xLW4f6N0g3h8FfOUGfbVOhnSTKLsy71Ubt+2z4dSC0=,tag:HkEJ/LSbn+8RfGF8FAYqHQ==,type:str]
+    policy: ENC[AES256_GCM,data:FJEdDNqZA30=,iv:ZI7Nbzwi3RtIuadt3/UBA5AbQJjjiB2M/uoj2AFA/10=,tag:U3BZ6cFRS09fnKkA7kROJA==,type:str]
+  - accessKey: ENC[AES256_GCM,data:0poCmmka,iv:O51Mx43yigleqadiR7b8i7uxOT+38C88efa/TUbYBj0=,tag:r9ZwW5pxvPxLSyQTezAN1Q==,type:str]
+    secretKey: ENC[AES256_GCM,data:fRpbe2HbTNactZx+60jtd0YL1pCmhWMYgw==,iv:tmZbhzQxx8+Tyxpx+jQ0YCXBVfR74BM3yGlai8IXZHE=,tag:xk9l8Rse9Hnj0Qcmnm/cmA==,type:str]
+    policy: ENC[AES256_GCM,data:oxr+5V8C,iv:EHFqChAYnZP9PqejnpA9coJIlO9s9VllMIXUM1HLSpY=,tag:/Al9G92TUtxWAcwkTaQJCA==,type:str]
+oidc:
+  enabled: ENC[AES256_GCM,data:lMx4vU8=,iv:J2/vLve9rjzAS6IGFEMixfSTa+0bRTxKcy8iRUuhvSY=,tag:Xz5/xmyUgLmW9YLXRc/D4A==,type:bool]
+  configUrl: ENC[AES256_GCM,data:eGE12HZTCzRkC4I+chRrk/GZjN4uBf6BEkrfgj4w3AKoe/zRfn5fbfOeZcYswJxmemf5jV0/Z8Xf7qRAOfogF0j/oAGPr6Ljf1xmJ37W72Giz9AJGBOWOnk=,iv:Fxwb59KoX/+xsbAJ4Gimxs5EbFaJf47KIosexsg6+xw=,tag:hWh/HbR8Re0F79amQhprmw==,type:str]
+  clientId: ENC[AES256_GCM,data:HV3Na7c=,iv:J+zpkI6f24cjnETRcIIv9M7ZcYf59TSIui05TOQJvJU=,tag:F3nmBGoW2lZ8GR09hRZ6YQ==,type:str]
+  clientSecret: ENC[AES256_GCM,data:gIGqUq1CAl+Y6EBBhWW8qjsUnUpuril/eH+gZBWG9J3O8dJjX3Z4MA8Q4HZPVdz5Q+6cZlIQ8nf5xbDQsGKFJgE0IqlM2B+pLd+toCpstP2irwHbx5z1RSHo8az70al87AaAKeAlWF0xVbVhpN5JrAQcjALOUbgeBg72QLQZOUw=,iv:bwc677iXUyX4R37j25iuKS37H8hwwEleEIArrQLNfhU=,tag:guPzIqsD+4s51rTK61fx2A==,type:str]
+  claimName: ENC[AES256_GCM,data:wXZh3m5M,iv:0iuETRNlJeiAwgeMbXuECh1EYuHQ+FI+++aL7jgMU9s=,tag:BBwQbNfPmwnjx5Hrk68sZQ==,type:str]
+  redirectUri: ENC[AES256_GCM,data:FSeRB5+TscUcZCwJhpaDHGbpUa49yF/eW4vjN036hfCJ2r0jdSiDrU2CjVTqcl8=,iv:4ap8l61BRye4K0imsF34zXiEmN13uwe86PTxcnTOEm0=,tag:k62A6DGt0n1Ra/NJoss+FQ==,type:str]
+  comment: ENC[AES256_GCM,data:U9F6nifLDU9DkfVXoCOHUJC7H2M=,iv:xR4P03dfn1OXGD4zx3OXOPwHGh4/rJHVqDp0Qn+Oacw=,tag:AXfM+5M2ZdtNJ6oJgeyqZw==,type:str]
+  claimPrefix: ""
+  scopes: ENC[AES256_GCM,data:rkal2ggLfUTsMu739T5aXWM7MF4ny+k6m6D5,iv:Xl1siRhxvWlqlAcZzV5N1hZTH3hg+HsEujwn9kLFovM=,tag:LKza7MMkC2x6ZeYVKIop5w==,type:str]
+sops:
+  kms: []
+  gcp_kms: []
+  azure_kv: []
+  hc_vault: []
+  age:
+    - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvMHA0bUNTVnlHWU03UWhn
+        eHJ0Y2xzREVxTlhWbk5GRzhSa3RoV2lValY0CkcxbEZyc1VQNnozcTRteVlVQXNy
+        cUlyNDFtMTRPMnF1TmNIRjB4RkdZK28KLS0tIFBJdG05MklnV3IyYVJ5VDF6VE9n
+        VkVEQitNb0VOa1BJNkZ5d0E2czNtRXcKby+2hCLGWWKVsQeb5rLdl/LOvh9zQOyr
+        c1Spv2k7duos1MNnbQvRtRbJyYCRdo9Q7ZjbXiJL+Wb5//MGCfJi0w==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2024-10-14T05:40:46Z"
+  mac: ENC[AES256_GCM,data:yFMVr4gztundDVhLKENNfn+/WS/n8kJFXJ52aF7vAZtJ3UYibUBJh88BWYQn2euBUiPZXu2xNp0/SBUTKocJE9a9g9O+mjLemTzCOsHD7mMmKwHc9BSUnzPpKne+hdfNaWW8V0LP5hnlDeIT+75dcqu9f4I/v/ipsOk+C1WeKU4=,iv:gkDc7bqtoFrz6GG7NiBY8PUn1etWEAomhI8mf9b5jD0=,tag:1m2Ysku6FMlceILUisK5bw==,type:str]
+  pgp: []
+  unencrypted_suffix: _unencrypted
+  version: 3.9.1
--- a/values/etersoft/values.minio.yaml
+++ b/values/etersoft/values.minio.yaml
@ -1,9 +1,7 @@
---
 ingress:
  enabled: true
-  ingressClassName: ~
+  ingressClassName: traefik
  annotations:
-    kubernetes.io/ingress.class: traefik
    kubernetes.io/tls-acme: "true"
    kubernetes.io/ingress.allow-http: "false"
    kubernetes.io/ingress.global-static-ip-name: ""
@ -11,16 +9,15 @@ ingress:
    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
  path: /
  hosts:
-    - s3.3.badhouseplants.net
+    - s3.e.badhouseplants.net
  tls:
    - secretName: s3.e.badhouseplants.net
      hosts:
        - s3.e.badhouseplants.net
 consoleIngress:
  enabled: true
-  ingressClassName: ~
+  ingressClassName: traefik
  annotations:
-    kubernetes.io/ingress.class: traefik
    kubernetes.io/tls-acme: "true"
    kubernetes.io/ingress.allow-http: "false"
    kubernetes.io/ingress.global-static-ip-name: ""
@ -28,12 +25,11 @@ consoleIngress:
    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
  path: /
  hosts:
-    - minio.e.badhouseplants.net
+    - min.e.badhouseplants.net
  tls:
-    - secretName: minio.e.badhouseplants.net
+    - secretName: min.e.badhouseplants.net
      hosts:
-        - minio.e.badhouseplants.net
-
+        - min.e.badhouseplants.net
 rootUser: 'overlord'
 replicas: 1
 mode: standalone
@ -45,9 +41,12 @@ tls:
  publicCrt: public.crt
  privateKey: private.key
 persistence:
+  annotations:
+    volume.kubernetes.io/selected-node: yekaterinburg
+  storageClass: local-path
  enabled: true
  accessMode: ReadWriteOnce
-  size: 100Gi
+  size: 10Gi
 service:
  type: ClusterIP
  clusterIP: ~
@ -60,25 +59,10 @@ resources:
  requests:
    memory: 2Gi
 buckets:
-  - name: badhouseplants-net
-    policy: download
-    purge: false
-    versioning: false
-  - name: badhouseplants-js
-    policy: download
-    purge: false
-    versioning: false
-  - name: badhouseplants-net-main
-    policy: download
-    purge: false
-    versioning: false
-  - name: sharing
-    policy: download
-    purge: false
-    versioning: false
-  - name: allanger-music
-    policy: download
+  - name: velero
+    policy: none
    purge: false
+    versioning: fase
 metrics:
  serviceMonitor:
    enabled: false
@ -97,35 +81,13 @@ policies:
      - resources: []
        actions:
          - "kms:*"
-  - name: Admins
+  - name: velero
    statements:
      - resources:
-          - 'arn:aws:s3:::*'
-        actions:
-          - "s3:*"
-      - resources: []
-        actions:
-          - "admin:*"
-      - resources: []
-        actions:
-          - "kms:*"
-  - name: DevOps
-    statements:
-      - resources:
-          - 'arn:aws:s3:::badhouseplants-net'
+          - 'arn:aws:s3:::velero'
        actions:
          - "s3:*"
      - resources:
-          - 'arn:aws:s3:::badhouseplants-net/*'
-        actions:
-          - "s3:*"
-  - name: sharing
-    statements:
-      - resources:
-          - 'arn:aws:s3:::sharing'
-        actions:
-          - "s3:*"
-      - resources:
-          - 'arn:aws:s3:::sharing/*'
+          - 'arn:aws:s3:::velero/*'
        actions:
          - "s3:*"
--- a/values/etersoft/values.openvpn.yaml
+++ b/values/etersoft/values.openvpn.yaml
@ -1,35 +1,47 @@
+image:
+  repository: zot.badhouseplants.net/allanger/container-openvpn
+  # ------------------------------------------
+  # -- Istio extenstion. Just because I'm
+  # --  not using ingress nginx
+  # ------------------------------------------
+  # istio:
+# enabled: true
+# istio:
+# - name: openvpn-tcp-xor
+# gateway: istio-system/badhouseplants-vpn
+# kind: tcp
+# port_match: 1194
+# hostname: "*"
+# service: openvpn-xor
+# port: 1194
+
+# ------------------------------------------
+traefik:
+  enabled: true
+  tcpRoutes:
+    - name: openvpn
+      service: openvpn
+      match: HostSNI(`*`)
+      entrypoint: openvpn
+      port: 1194
+tcproute:
+  enabled: false
 storage:
-  class: microk8s-hostpath
-  size: 5Gi
+  annotations:
+    volume.kubernetes.io/selected-node: yekaterinburg
+  size: 128Mi
 openvpn:
  proto: tcp
  host: 91.232.225.63
+easyrsa:
+  cn: Bad Houseplants
+  country: Germany
+  province: Hamburg
+  city: Hamburg
+  org: Bad Houseplants
+  email: allanger@badhouseplants.net.com
 service:
  type: ClusterIP
  port: 1194
  targetPort: 1194
  protocol: TCP
-easyrsa:
-  cn: Bad Houseplants
-  country: Germany
-  province: NRW
-  city: Duesseldorf
-  org: Bad Houseplants
-  email: allanger@zohomail.com
-istio-resources:
-  enabled: true
-  gateways:
-    - metadata:
-        name: etersoft-vpn
-        namespace: istio-system
-      spec:
-        selector: 
-          istio: ingressgateway
-        servers: 
-          - hosts:
-              - '*'
-            port:
-              name: openvpn
-              number: 1194
-              protocol: TCP
-
--- a/values/etersoft/values.qbittorrent.yaml
+++ b/values/etersoft/values.qbittorrent.yaml
@ -0,0 +1,45 @@
+ext-secret:
+  enabled: true
+  name: torrent-basic-auth
+  data:
+    users: |
+      allanger:$apr1$kNwkQ0S.$9q29sib/xWEp3NDp.tquw/
+middleware:
+  enabled: true
+  middlewares:
+    - name: torrentauth
+      spec:
+        basicAuth:
+          secret: torrent-basic-auth
+ingress:
+  # -- Enable and configure ingress settings for the chart under this key.
+  # @default -- See [values.yaml](./values.yaml)
+  main:
+    ingressClassName: traefik
+    annotations:
+      kubernetes.io/tls-acme: "true"
+      kubernetes.io/ingress.allow-http: "false"
+      kubernetes.io/ingress.global-static-ip-name: ""
+      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+      traefik.ingress.kubernetes.io/router.middlewares: applications-torrentauth@kubernetescrd
+    enabled: true
+    hosts:
+      - host: tor.e.badhouseplants.net
+        paths:
+          - path: /
+    tls:
+      - secretName: tor.e.badhouseplants.net
+        hosts:
+          - tor.e.badhouseplants.net
+persistence:
+  config:
+    annotations:
+      volume.kubernetes.io/selected-node: yekaterinburg
+    enabled: true
+    size: 1Gi
+  downloads:
+    annotations:
+      volume.kubernetes.io/selected-node: yekaterinburg
+    enabled: true
+    size: 10Gi
+    accessMode: ReadWriteOnce
--- a/values/etersoft/values.traefik.yaml
+++ b/values/etersoft/values.traefik.yaml
@ -4,87 +4,9 @@ ports:
  web:
    redirectTo:
      port: websecure
-  ssh:
-    port: 22
-    expose:
-      default: true
-    exposedPort: 22
-    protocol: TCP
  openvpn:
    port: 1194
    expose:
      default: true
    exposedPort: 1194
    protocol: TCP
-    #  valve-server:
-    #    port: 27015
-    #    expose:
-    #      default: true
-    #    exposedPort: 27015
-    #    protocol: UDP
-    #  valve-rcon:
-    #    port: 27015
-    #    expose:
-    #      default: true
-    #    exposedPort: 27015
-    #    protocol: TCP
-  smtp:
-    port: 25
-    protocol: TCP
-    exposedPort: 25
-    expose:
-      default: true
-  smtps:
-    port: 465
-    protocol: TCP
-    exposedPort: 465
-    expose:
-      default: true
-  smtp-startls:
-    port: 587
-    protocol: TCP
-    exposedPort: 587
-    expose:
-      default: true
-  imap:
-    port: 143
-    protocol: TCP
-    exposedPort: 143
-    expose:
-      default: true
-  imaps:
-    port: 993
-    protocol: TCP
-    exposedPort: 993
-    expose:
-      default: true
-  pop3:
-    port: 110
-    protocol: TCP
-    exposedPort: 110
-    expose:
-      default: true
-  pop3s:
-    port: 995
-    protocol: TCP
-    exposedPort: 995
-    expose:
-      default: true
-  minecraft:
-    port: 25565
-    protocol: TCP
-    exposedPort: 25565
-    expose:
-      default: true
-  shadowsocks:
-    port: 8388
-    protocol: TCP
-    exposedPort: 8388
-    expose:
-      default: true
-  shadowsocks-udp:
-    port: 8389
-    protocol: UDP
-    exposedPort: 8389
-    expose:
-      default: true