Omit the UDP port range metadata for Matrix RTC's SFU if the range is larger than 100 ports.

benbz · benbz · commit 7623172654bb · 2025-06-11T13:41:05.000+01:00
diff --git a/charts/matrix-stack/templates/matrix-rtc/sfu_deployment.yaml b/charts/matrix-stack/templates/matrix-rtc/sfu_deployment.yaml
@@ -114,6 +114,8 @@ spec:
   {{- if .enabled }}
     {{- $portType := .type -}}
     {{- with .portRange }}
+    {{- /* container.port is metadata. Omit if a large range is provided so that we don't run into document size limits when submitting to the API server */ -}}
+    {{- if le (sub (.endPort | int) (.startPort | int)) 100 }}
     {{- range $port := untilStep (.startPort | int) (.endPort | int) 1 }}
         - containerPort: {{ $port }}
           name: rtc-udp-{{ $port }}
@@ -123,6 +125,7 @@ spec:
       {{- end }}
     {{- end }}
     {{- end }}
+    {{- end }}
   {{- end }}
   {{- end }}
 {{- end }}
diff --git a/newsfragments/549.changed.md b/newsfragments/549.changed.md
@@ -0,0 +1 @@
+Omit the UDP port range metadata for Matrix RTC's SFU if the range is larger than 100 ports.
diff --git a/tests/manifests/test_pod_containers_ports.py b/tests/manifests/test_pod_containers_ports.py
@@ -23,7 +23,7 @@ async def test_unique_ports_in_containers(templates):
 @pytest.mark.asyncio_cooperative
 async def test_ports_in_containers_are_named(templates):
     for template in templates:
-        if template["kind"] in ["Deployment", "StatefulSet", "Job"]:
+        if template["kind"] in ["Deployment", "StatefulSet"]:
             port_names = []
             for container in template["spec"]["template"]["spec"]["containers"]:
                 for port in container.get("ports", []):
@@ -45,3 +45,21 @@ async def test_no_ports_in_jobs(templates):
             for container in template["spec"]["template"]["spec"]["containers"]:
                 ports += [port["containerPort"] for port in container.get("ports", [])]
             assert len(ports) == 0, f"Ports are present in job: {template_id(template)}, {ports}"
+
+
+@pytest.mark.parametrize("values_file", values_files_to_test)
+@pytest.mark.asyncio_cooperative
+async def test_not_too_many_container_ports(templates):
+    for template in templates:
+        if template["kind"] in ["Deployment", "StatefulSet"]:
+            for container in template["spec"]["template"]["spec"]["containers"]:
+                number_of_ports = len(container.get("ports", []))
+                # This limit is fairly arbitrary. Unlike with Services (which have a limit of 250 ports),
+                # there doesn't appear to be a hard limit of number of ports on a Pod/container. However if
+                # you go wild you hit maximum document size when attempting to put the manifest into the
+                # cluster. 100 is chosen as anything more quickly makes `kubectl {describe,get}` unusable.
+                # Container ports are "just" metadata, albeit one which helps the scheduler if `hostPorts`
+                # are involved
+                assert number_of_ports < 100, (
+                    f"{template_id(template)}/{container['name']} has too many ports ({number_of_ports} >= 100)"
+                )

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+Omit the UDP port range metadata for Matrix RTC's SFU if the range is larger than 100 ports.`