From 6d28222f37a2a81b266ae1aa7b2adcfd62977a6e Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 20 Feb 2023 14:26:37 -0800 Subject: [PATCH] Basic Prometheus support This patch adds very basic prometheus support to the agent and server It also has a fix in it so that changes to the agent or server configmaps reload those pods. Signed-off-by: Kevin Fox --- .../charts/spire-agent/templates/configmap.yaml | 9 +++++++++ .../charts/spire-agent/templates/daemonset.yaml | 8 +++++--- charts/spire/charts/spire-agent/values.yaml | 4 ++++ .../charts/spire-server/templates/configmap.yaml | 9 +++++++++ .../charts/spire-server/templates/statefulset.yaml | 8 +++++--- charts/spire/charts/spire-server/values.yaml | 4 ++++ charts/spire/values.yaml | 13 +++++++++++++ 7 files changed, 49 insertions(+), 6 deletions(-)
diff --git a/charts/spire/charts/spire-agent/templates/configmap.yaml b/charts/spire/charts/spire-agent/templates/configmap.yaml
index 55d4e78b7..d025bd16c 100644
--- a/charts/spire/charts/spire-agent/templates/configmap.yaml
+++ b/charts/spire/charts/spire-agent/templates/configmap.yaml
@@ -49,3 +49,12 @@ data:
 live_path = "/live"
 ready_path = "/ready"
 }
+
+ {{- if (dig "telemetry" "prometheus" "enabled" .Values.telemetry.prometheus.enabled .Values.global) }}
+ telemetry {
+ Prometheus {
+ host = "0.0.0.0"
+ port = 9988
+ }
+ }
+ {{- end }}
diff --git a/charts/spire/charts/spire-agent/templates/daemonset.yaml b/charts/spire/charts/spire-agent/templates/daemonset.yaml
index acee5376f..fa419d1d1 100644
--- a/charts/spire/charts/spire-agent/templates/daemonset.yaml
+++ b/charts/spire/charts/spire-agent/templates/daemonset.yaml
@@ -1,3 +1,4 @@
+{{- $configSum := (include (print $.Template.BasePath "/configmap.yaml") . | sha256sum) }}
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
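Review bot: The `telemetry` block added in the agent configmap.yaml hunk hard-codes `host = "0.0.0.0"` and `port = 9988`, so the Prometheus listener accepts connections on every interface of the pod whenever the flag is on; the server configmap.yaml hunk repeats the same lines. As far as SPIRE's telemetry configuration goes, this sink takes only a host and a port and appears to have no authentication or TLS option, and nothing in this patch adds a NetworkPolicy or other limit on who can reach the port. If the agent DaemonSet runs with host networking (not visible in these hunks), the port would also be opened on the node address. I would read both settings from values rather than fixing them in the template, for example `host = {{ .Values.telemetry.prometheus.host | quote }}` and `port = {{ .Values.telemetry.prometheus.port }}` (new keys, to be added to each subchart's values.yaml), and document that scraping should be restricted to the Prometheus pods.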
@@ -11,10 +12,11 @@ spec:
 {{- include "spire-agent.selectorLabels" . | nindent 6 }}
 template:
 metadata:
- {{- with .Values.podAnnotations }}
 annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
+ checksum/config: {{ $configSum }}
+ {{- with .Values.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
 labels:
 {{- include "spire-agent.selectorLabels" . | nindent 8 }}
 spec:
diff --git a/charts/spire/charts/spire-agent/values.yaml b/charts/spire/charts/spire-agent/values.yaml
index 607e04f52..ae63c3a27 100644
--- a/charts/spire/charts/spire-agent/values.yaml
+++ b/charts/spire/charts/spire-agent/values.yaml
@@ -68,3 +68,7 @@ waitForIt:
 pullPolicy: IfNotPresent
 version: latest-20230113
 resources: {}
+
+telemetry:
+ prometheus:
+ enabled: false
diff --git a/charts/spire/charts/spire-server/templates/configmap.yaml b/charts/spire/charts/spire-server/templates/configmap.yaml
index 52de7513a..e6b4ae378 100644
--- a/charts/spire/charts/spire-server/templates/configmap.yaml
+++ b/charts/spire/charts/spire-server/templates/configmap.yaml
@@ -81,3 +81,12 @@ data:
 live_path = "/live"
 ready_path = "/ready"
 }
+
+ {{- if (dig "telemetry" "prometheus" "enabled" .Values.telemetry.prometheus.enabled .Values.global) }}
+ telemetry {
+ Prometheus {
+ host = "0.0.0.0"
+ port = 9988
+ }
+ }
+ {{- end }}
diff --git a/charts/spire/charts/spire-server/templates/statefulset.yaml b/charts/spire/charts/spire-server/templates/statefulset.yaml
index 3d7105940..5dd98ae2c 100644
--- a/charts/spire/charts/spire-server/templates/statefulset.yaml
+++ b/charts/spire/charts/spire-server/templates/statefulset.yaml
@@ -1,3 +1,4 @@
+{{- $configSum := (include (print $.Template.BasePath "/configmap.yaml") . | sha256sum) }}
 {{- $fullname := include "spire-server.fullname" . }}
 apiVersion: apps/v1
 kind: StatefulSet
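Review bot: `checksum/config: {{ $configSum }}` in the daemonset.yaml pod template is rendered unquoted, and the second statefulset.yaml hunk does the same; annotation values must be strings, so the usual Helm form is `checksum/config: {{ $configSum | quote }}`. Because `annotations:` is now always emitted, a `checksum/config` key supplied through `.Values.podAnnotations` would produce a duplicate mapping key, and most YAML parsers silently keep the last value. A one-line comment above the annotation, such as `# checksum/config is reserved: it rolls the pods when the ConfigMap changes`, would make that clear. The pod template continues outside the hunk.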
@@ -15,10 +16,11 @@ spec: {{- include "spire-server.selectorLabels" . | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} annotations: - {{- toYaml . | nindent 8 }} - {{- end }} + checksum/config: {{ $configSum }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} labels: {{- include "spire-server.selectorLabels" . | nindent 8 }} spec: diff --git a/charts/spire/charts/spire-server/values.yaml b/charts/spire/charts/spire-server/values.yaml index 9efa2c068..a79cf74ca 100644 --- a/charts/spire/charts/spire-server/values.yaml +++ b/charts/spire/charts/spire-server/values.yaml @@ -159,3 +159,7 @@ controllerManager: # spiffe.io/spiffe-id: "true" dnsNameTemplates: [] # - '{{ index .PodMeta.Labels "app.kubernetes.io/name" }}.{{ .PodMeta.Namespace }}.svc.cluster.local' + +telemetry: + prometheus: + enabled: false diff --git a/charts/spire/values.yaml b/charts/spire/values.yaml index 7e2609721..6fc6fdca0 100644 --- a/charts/spire/values.yaml +++ b/charts/spire/values.yaml @@ -1,3 +1,8 @@ +#global: +# telemetry: +# prometheus: +# enabled: false|true + nameOverride: "" fullnameOverride: "" @@ -9,6 +14,10 @@ spire-server: clusterName: &clusterName "example-cluster" trustDomain: &trustDomain "example.org" + telemetry: + prometheus: + enabled: true + spire-agent: nameOverride: agent bundleConfigMap: *bundleConfigMap @@ -16,6 +25,10 @@ spire-agent: clusterName: *clusterName trustDomain: *trustDomain + telemetry: + prometheus: + enabled: true + spiffe-csi-driver: {} spiffe-oidc-discovery-provider:
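Review bot: The `spire-server` and `spire-agent` stanzas added to charts/spire/values.yaml set `telemetry.prometheus.enabled: true`, while both subchart values.yaml files in this patch default it to `false`, so anyone installing the umbrella chart gets the metrics listener switched on without asking for it. Since the listener added in the configmap templates binds `0.0.0.0`, I would keep `enabled: false` in both stanzas and let operators opt in. The commented `#global:` example at the top of the file could also state that a value set under `global` overrides the per-chart one, which is what the `dig` call in the templates implies.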