remove unused spaces

Author: labuladong

charts/sn-platform-slim/templates/bookkeeper/bookkeeper-authorizationpolicy.yaml

@@ -10,11 +10,20 @@ metadata:
   namespace: {{ template "pulsar.namespace" . }}
 spec:
   rules:
-  - to:
+  - {{- if .Values.bookkeeper.authorizationPolicy.from }}
+    from:
+{{ toYaml .Values.bookkeeper.authorizationPolicy.from | indent 4 }}
+    {{- end }}
+    {{- if .Values.bookkeeper.authorizationPolicy.to }}
+    to:
+{{ toYaml .Values.bookkeeper.authorizationPolicy.to | indent 4 }}
+    {{- else }}
+    to:
     - operation:
         ports:
         - "3181"
         - "8000"
+    {{- end }}
   action: ALLOW
   selector:
     matchLabels:
@@ -30,10 +39,19 @@ metadata:
   namespace: {{ template "pulsar.namespace" . }}
 spec:
   rules:
-  - to:
+  - {{- if .Values.autorecovery.authorizationPolicy.from }}
+    from:
+{{ toYaml .Values.autorecovery.authorizationPolicy.from | indent 4 }}
+    {{- end }}
+    {{- if .Values.autorecovery.authorizationPolicy.to }}
+    to:
+{{ toYaml .Values.autorecovery.authorizationPolicy.to | indent 4 }}
+    {{- else }}
+    to:
     - operation:
         ports:
         - "{{ .Values.autorecovery.ports.http }}"
+    {{- end }}
   action: ALLOW
   selector:
     matchLabels:

charts/sn-platform-slim/templates/broker/broker-authorizationpolicy.yaml

@@ -10,7 +10,15 @@ metadata:
   namespace: {{ template "pulsar.namespace" . }}
 spec:
   rules:
-  - to:
+  - {{- if .Values.broker.authorizationPolicy.from }}
+    from:
+{{ toYaml .Values.broker.authorizationPolicy.from | indent 4 }}
+    {{- end }}
+    {{- if .Values.broker.authorizationPolicy.to }}
+    to:
+{{ toYaml .Values.broker.authorizationPolicy.to | indent 4 }}
+    {{- else }}
+    to:
     - operation:
         ports:
         - "6650"
@@ -41,6 +49,7 @@ spec:
         - "9095"
         {{- end }}
         {{- end }}
+    {{- end }}
   action: ALLOW
   selector:
     matchLabels:

charts/sn-platform-slim/templates/zookeeper/zookeeper-authorizationpolicy.yaml

@@ -10,14 +10,23 @@ metadata:
   namespace: {{ template "pulsar.namespace" . }}
 spec:
   rules:
-  - to:
+  - {{- if .Values.zookeeper.authorizationPolicy.from }}
+    from:
+{{ toYaml .Values.zookeeper.authorizationPolicy.from | indent 4 }}
+    {{- end }}
+    {{- if .Values.zookeeper.authorizationPolicy.to }}
+    to:
+{{ toYaml .Values.zookeeper.authorizationPolicy.to | indent 4 }}
+    {{- else }}
+    to:
     - operation:
         ports:
         - "2181"
         - "9990"
         - "2888"
         - "3888"
         - "{{ .Values.zookeeper.ports.metrics  }}"
+    {{- end }}
   action: ALLOW
   selector:
     matchLabels:

charts/sn-platform-slim/values.yaml

@@ -561,6 +561,26 @@ zookeeper:
   # The template field can totally change the log config of the component. The value is a string, which is the content of the log config file.
     template: {}
 
+  # Istio AuthorizationPolicy configuration
+  # Configure the 'from' and 'to' sections to restrict sources and operations
+  # If 'to' is not specified, default ports will be used
+  # Example:
+  # authorizationPolicy:
+  #   from:
+  #   - source:
+  #       principals: ["cluster.local/ns/default/sa/pulsar-broker"]
+  #   - source:
+  #       namespaces: ["pulsar"]
+  #   to:
+  #   - operation:
+  #       ports: ["2181", "9990"]
+  #       methods: ["GET", "POST"]
+  #       paths: ["/metrics"]
+  #       hosts: ["zookeeper.pulsar.svc.cluster.local"]
+  authorizationPolicy:
+    from: []
+    to: []
+
   # use a component name that matches your grafana configuration
   # so the metrics are correctly rendered in grafana dashboard
   component: zookeeper
@@ -815,6 +835,26 @@ bookkeeper:
   # The template field can totally change the log config of the component. The value is a string, which is the content of the log config file.
     template: {}
 
+  # Istio AuthorizationPolicy configuration
+  # Configure the 'from' and 'to' sections to restrict sources and operations
+  # If 'to' is not specified, default ports will be used
+  # Example:
+  # authorizationPolicy:
+  #   from:
+  #   - source:
+  #       principals: ["cluster.local/ns/default/sa/pulsar-broker"]
+  #   - source:
+  #       namespaces: ["pulsar"]
+  #   to:
+  #   - operation:
+  #       ports: ["3181", "8000"]
+  #       methods: ["GET", "POST"]
+  #       paths: ["/metrics"]
+  #       hosts: ["bookie.pulsar.svc.cluster.local"]
+  authorizationPolicy:
+    from: []
+    to: []
+
   # use a component name that matches your grafana configuration
   # so the metrics are correctly rendered in grafana dashboard
   component: bookie
@@ -980,6 +1020,26 @@ bookkeeper:
 ## templates/autorecovery-statefulset.yaml
 ##
 autorecovery:
+  # Istio AuthorizationPolicy configuration
+  # Configure the 'from' and 'to' sections to restrict sources and operations
+  # If 'to' is not specified, default ports will be used
+  # Example:
+  # authorizationPolicy:
+  #   from:
+  #   - source:
+  #       principals: ["cluster.local/ns/default/sa/pulsar-broker"]
+  #   - source:
+  #       namespaces: ["pulsar"]
+  #   to:
+  #   - operation:
+  #       ports: ["8000"]
+  #       methods: ["GET", "POST"]
+  #       paths: ["/metrics"]
+  #       hosts: ["recovery.pulsar.svc.cluster.local"]
+  authorizationPolicy:
+    from: []
+    to: []
+
   # use a component name that matches your grafana configuration
   # so the metrics are correctly rendered in grafana dashboard
   component: recovery
@@ -1084,6 +1144,26 @@ broker:
   # The template field can totally change the log config of the component. The value is a string, which is the content of the log config file.
     template: {}
 
+  # Istio AuthorizationPolicy configuration
+  # Configure the 'from' and 'to' sections to restrict sources and operations
+  # If 'to' is not specified, default ports will be used
+  # Example:
+  # authorizationPolicy:
+  #   from:
+  #   - source:
+  #       principals: ["cluster.local/ns/default/sa/pulsar-proxy"]
+  #   - source:
+  #       namespaces: ["pulsar"]
+  #   to:
+  #   - operation:
+  #       ports: ["6650", "8080"]
+  #       methods: ["GET", "POST"]
+  #       paths: ["/metrics"]
+  #       hosts: ["broker.pulsar.svc.cluster.local"]
+  authorizationPolicy:
+    from: []
+    to: []
+
   # use a component name that matches your grafana configuration
   # so the metrics are correctly rendered in grafana dashboard
   component: broker

charts/sn-platform/templates/bookkeeper/bookkeeper-authorizationpolicy.yaml

@@ -10,11 +10,20 @@ metadata:
   namespace: {{ template "pulsar.namespace" . }}
 spec:
   rules:
-  - to:
+  - {{- if .Values.bookkeeper.authorizationPolicy.from }}
+    from:
+{{ toYaml .Values.bookkeeper.authorizationPolicy.from | indent 4 }}
+    {{- end }}
+    {{- if .Values.bookkeeper.authorizationPolicy.to }}
+    to:
+{{ toYaml .Values.bookkeeper.authorizationPolicy.to | indent 4 }}
+    {{- else }}
+    to:
     - operation:
         ports:
         - "3181"
         - "8000"
+    {{- end }}
   action: ALLOW
   selector:
     matchLabels:
@@ -30,10 +39,19 @@ metadata:
   namespace: {{ template "pulsar.namespace" . }}
 spec:
   rules:
-  - to:
+  - {{- if .Values.autorecovery.authorizationPolicy.from }}
+    from:
+{{ toYaml .Values.autorecovery.authorizationPolicy.from | indent 4 }}
+    {{- end }}
+    {{- if .Values.autorecovery.authorizationPolicy.to }}
+    to:
+{{ toYaml .Values.autorecovery.authorizationPolicy.to | indent 4 }}
+    {{- else }}
+    to:
     - operation:
         ports:
         - "{{ .Values.autorecovery.ports.http }}"
+    {{- end }}
   action: ALLOW
   selector:
     matchLabels:

charts/sn-platform/templates/broker/broker-authorizationpolicy.yaml

@@ -10,7 +10,15 @@ metadata:
   namespace: {{ template "pulsar.namespace" . }}
 spec:
   rules:
-  - to:
+  - {{- if .Values.broker.authorizationPolicy.from }}
+    from:
+{{ toYaml .Values.broker.authorizationPolicy.from | indent 4 }}
+    {{- end }}
+    {{- if .Values.broker.authorizationPolicy.to }}
+    to:
+{{ toYaml .Values.broker.authorizationPolicy.to | indent 4 }}
+    {{- else }}
+    to:
     - operation:
         ports:
         - "6650"
@@ -41,6 +49,7 @@ spec:
         - "9095"
         {{- end }}
         {{- end }}
+    {{- end }}
   action: ALLOW
   selector:
     matchLabels:

charts/sn-platform/templates/zookeeper/zookeeper-authorizationpolicy.yaml

@@ -10,14 +10,23 @@ metadata:
   namespace: {{ template "pulsar.namespace" . }}
 spec:
   rules:
-  - to:
+  - {{- if .Values.zookeeper.authorizationPolicy.from }}
+    from:
+{{ toYaml .Values.zookeeper.authorizationPolicy.from | indent 4 }}
+    {{- end }}
+    {{- if .Values.zookeeper.authorizationPolicy.to }}
+    to:
+{{ toYaml .Values.zookeeper.authorizationPolicy.to | indent 4 }}
+    {{- else }}
+    to:
     - operation:
         ports:
         - "2181"
         - "9990"
         - "2888"
         - "3888"
         - "{{ .Values.zookeeper.ports.metrics  }}"
+    {{- end }}
   action: ALLOW
   selector:
     matchLabels: