diff --git a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet
index 86d0475a..f5f26d3e 100644
--- a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet
+++ b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet
@@ -172,6 +172,21 @@ function(params) {
 insecureSkipVerify: true,
 },
 bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
+ metricRelabelings: [
+ {
+ sourceLabels: ['__name__'],
+ action: 'drop',
+ regex: '(' + std.join('|',
+ [
+ 'apiserver_client_certificate_.*', // The only client supposed to connect to the aggregated API is the apiserver so it is not really meaningful to monitor its certificate.
+ 'apiserver_envelope_.*', // Prometheus-adapter isn't using envelope for storage.
+ 'apiserver_flowcontrol_.*', // Prometheus-adapter isn't using flowcontrol.
+ 'apiserver_storage_.*', // Prometheus-adapter isn't using the apiserver storage.
+ 'apiserver_webhooks_.*', // Prometeus-adapter doesn't make use of apiserver webhooks.
+ 'workqueue_.*', // Metrics related to the internal apiserver auth workqueues are not very useful to prometheus-adapter.
+ ]) + ')',
+ },
+ ],
 },
 ],
 },
diff --git a/manifests/prometheus-adapter-serviceMonitor.yaml b/manifests/prometheus-adapter-serviceMonitor.yaml
index a7515852..46a5c95c 100644
--- a/manifests/prometheus-adapter-serviceMonitor.yaml
+++ b/manifests/prometheus-adapter-serviceMonitor.yaml
@@ -12,6 +12,11 @@ spec:
 endpoints:
 - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
 interval: 30s
+ metricRelabelings:
+ - action: drop
+ regex: (apiserver_client_certificate_.*|apiserver_envelope_.*|apiserver_flowcontrol_.*|apiserver_storage_.*|apiserver_webhooks_.*|workqueue_.*)
+ sourceLabels:
+ - __name__
 port: https
 scheme: https
 tlsConfig:
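Review bot: In the `metricRelabelings` drop list added to prometheus-adapter.libsonnet, the `'workqueue_.*'` entry is wider than its comment says: Prometheus anchors relabel regexes, so it discards every series from this target whose name starts with `workqueue_`, not only the apiserver auth workqueues the comment names. I would state that in the comment, e.g. `'workqueue_.*', // Drops all workqueue_* series from this endpoint; narrow the pattern if the adapter starts exporting workqueue metrics of its own.` The `apiserver_client_certificate_.*` entry likewise removes the client-certificate series for this job, so any alert or dashboard that selects them on the adapter job (none is visible in this diff) would go silent without an error. The comment on the `apiserver_webhooks_.*` line has a typo, `Prometeus-adapter` for `Prometheus-adapter`. The enclosing `function(params)` body starts and ends outside the hunk.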