[spire] prometheus spiffe cert support #6780

@kfox1111

TLS support was added to spire's prometheus endpoint recently, but using it with spire-issued certs requires a lot of effort, including the spire-agent and spiffe-helper, along with a bunch of glue scripting, and runs into ordering issues. There is then still no way to restrict the spiffeid of the attaching client.

Can we please update the feature so that:

  • the user can specify via a flag that they just want to use spire itself for the web server's identity
  • a list of spiffeids that are allowed to connect to it.

This would allow easy securing of the prometheus telemetry endpoint using spire itself.

Labels: priority/backlog (Issue is approved and in the backlog)
