From dd9001e0602144d01961f4d5de17730f7b2e981e Mon Sep 17 00:00:00 2001
From: Fabian Fischer <glrf@users.noreply.github.com>
Date: Fri, 1 Jul 2022 13:14:37 +0200
Subject: [PATCH] Extend prometheus jsonnet library with servicemonitor helpers

---
 lib/prometheus.libsonnet | 67 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 66 insertions(+), 1 deletion(-)

diff --git a/lib/prometheus.libsonnet b/lib/prometheus.libsonnet
index 719b13e..4e7e75d 100644
--- a/lib/prometheus.libsonnet
+++ b/lib/prometheus.libsonnet
@@ -107,6 +107,25 @@ local disable(object) = object {
   },
 };
 
+/**
+  * \brief Helper returning a reference to the Prometheus service account
+  *
+  * Can be used to give additional permissions to the provided Prometheus instance.
+  * If no instance is provided than the default instance is used.
+  *
+  *
+  * \arg `instance` The name of the instance
+  * \return A reference to the instance's service account.
+  */
+local serviceAccountRef(instance=params.defaultInstance) = {
+  local config = getInstanceConfig(instance),
+  local namespace = (config.common + com.makeMergeable(config.prometheus)).namespace,
+
+  kind: 'ServiceAccount',
+  name: 'prometheus-%s' % instance,
+  namespace: namespace,
+};
+
 /**
   * \brief Helper to create PrometheusRule objects.
   *
@@ -121,8 +140,48 @@ local prometheusRule(name) = enable(kube._Object(api_version.monitoring, 'Promet
  * \arg The name of the ServiceMonitor.
  * \return A ServiceMonitor object.
  */
-local serviceMonitor(name) = kube._Object(api_version.monitoring, 'ServiceMonitor', name);
+local serviceMonitor(name) = kube._Object(api_version.monitoring, 'ServiceMonitor', name) {
+  local sm = self,
 
+  targetNamespace:: '',
+  selector:: {},
+  endpoints:: {},
+
+  spec: {
+    namespaceSelector: {
+      matchNames: [ sm.targetNamespace ],
+    },
+    selector: sm.selector,
+    endpoints: std.objectValues(sm.endpoints),
+  },
+};
+/**
+ * \brief Provides a common default service monitor endpoint for endpoints with TLS and token authentication
+ *
+ * By default this endpoint uses the service account token and the service-ca.
+ *
+ * \arg `serverName` The servername used to verify the target
+ * \return A service monitor endpoint with defaults for https and token authentication
+ */
+local serviceMonitorHttpsEndpoint(serverName) = {
+  bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
+  interval: '30s',
+  scheme: 'https',
+  port: 'metrics',
+  tlsConfig: {
+    caFile: '/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt',
+    serverName: serverName,
+  },
+};
+
+/**
+ * \brief A relabel config that drops Go runtime and Prometheus http handler metrics
+ */
+local dropRuntimeMetrics = {
+  action: 'drop',
+  regex: '(go_.*|process_.*|promhttp_.*)',
+  sourceLabels: [ '__name__' ],
+};
 
 /**
  * \brief Helper to create PodMonitor objects.
@@ -147,8 +206,14 @@ local probe(name) = kube._Object(api_version.monitoring, 'Probe', name);
   Enable: enable,
   Disable: disable,
 
+  ServiceAccountRef: serviceAccountRef,
+
   PrometheusRule: prometheusRule,
+
   ServiceMonitor: serviceMonitor,
+  ServiceMonitorHttpsEndpoint: serviceMonitorHttpsEndpoint,
+  DropRuntimeMetrics: dropRuntimeMetrics,
+
   PodMonitor: podMonitor,
   Probe: probe,
 }