Merge pull request #569 from element-hq/gaelg/matrix-rtc-metrics

matrix-rtc: fix services monitors

Author: gaelgatelement

charts/matrix-stack/ci/fragments/matrix-rtc-pytest-extras.yaml

@@ -4,6 +4,8 @@
 
 matrixRTC:
   replicas: 2
+  annotations:
+    has-no-service-monitor: "true"
   ingress:
     host: mrtc.{{ $.Values.serverName }}
     tlsSecret: "{{ $.Release.Name }}-matrix-rtc-tls"

charts/matrix-stack/ci/pytest-matrix-rtc-standalone-values.yaml

@@ -16,6 +16,8 @@ initSecrets:
 matrixAuthenticationService:
   enabled: false
 matrixRTC:
+  annotations:
+    has-no-service-monitor: "true"
   extraEnv:
     - name: LIVEKIT_INSECURE_SKIP_VERIFY_TLS
       value: YES_I_KNOW_WHAT_I_AM_DOING

charts/matrix-stack/ci/pytest-matrix-rtc-synapse-wellknown-values.yaml

@@ -28,6 +28,8 @@ initSecrets:
 matrixAuthenticationService:
   enabled: false
 matrixRTC:
+  annotations:
+    has-no-service-monitor: "true"
   extraEnv:
     - name: LIVEKIT_INSECURE_SKIP_VERIFY_TLS
       value: YES_I_KNOW_WHAT_I_AM_DOING

charts/matrix-stack/templates/matrix-rtc/authorisation_service_monitor.yaml

@@ -1,5 +1,5 @@
 {{- /*
-Copyright 2024 New Vector Ltd
+Copyright 2024-2025 New Vector Ltd
 
 SPDX-License-Identifier: AGPL-3.0-only
 */ -}}
@@ -21,6 +21,9 @@ spec:
   - name: http
     port: 7880
     targetPort: http
+  - name: metrics
+    port: 6789
+    targetPort: metrics
   selector:
     app.kubernetes.io/instance: "{{ $.Release.Name }}-matrix-rtc-sfu"
 {{- end -}}

charts/matrix-stack/templates/matrix-rtc/sfu_service.yaml

@@ -1,5 +1,5 @@
 {{- /*
-Copyright 2024 New Vector Ltd
+Copyright 2024-2025 New Vector Ltd
 
 SPDX-License-Identifier: AGPL-3.0-only
 */ -}}
@@ -20,7 +20,7 @@ metadata:
 spec:
   endpoints:
   - interval: 30s
-    port: http
+    port: metrics
   selector:
     matchLabels:
       app.kubernetes.io/part-of: matrix-stack

charts/matrix-stack/templates/matrix-rtc/sfu_service_monitor.yaml

@@ -0,0 +1 @@
+matrix-rtc: Fix service monitors deployed.

newsfragments/569.fixed.md

@@ -37,6 +37,7 @@ types-pytz = "^2025.2.0.20250516"
 mypy = "^1.16.1"
 types-pyyaml = "^6.0.12.20250516"
 semver = "^3.0.4"
+prometheus-client = "^0.22.1"
 
 [build-system]
 requires = ["poetry-core"]

poetry.lock

@@ -6,8 +6,16 @@
 import time
 
 import pyhelm3
+from lightkube import AsyncClient
+from lightkube.models.core_v1 import (
+    Capabilities,
+    Container,
+    PodSpec,
+    SeccompProfile,
+    SecurityContext,
+)
 from lightkube.models.meta_v1 import ObjectMeta
-from lightkube.resources.core_v1 import ConfigMap, Endpoints, Namespace, Secret
+from lightkube.resources.core_v1 import ConfigMap, Endpoints, Namespace, Pod, Secret
 
 from ..artifacts import CertKey, generate_cert
 from .utils import merge
@@ -98,3 +106,63 @@ async def get_deployment_marker(kube_client, generated_data, marker: str):
         name=f"{generated_data.release_name}-markers",
     )
     return configmap.data.get(marker)
+
+
+async def run_pod_with_args(kube_client: AsyncClient, namespace, image_name, pod_name, args):
+    pod = Pod(
+        metadata=ObjectMeta(name=pod_name + "-" + str(int(time.time() * 1000)), namespace=namespace),
+        spec=PodSpec(
+            restartPolicy="Never",
+            containers=[
+                Container(
+                    name="cmd",
+                    image=image_name,
+                    args=args,
+                    securityContext=SecurityContext(
+                        seccompProfile=SeccompProfile(type="RuntimeDefault"),
+                        capabilities=Capabilities(drop=["ALL"]),
+                        readOnlyRootFilesystem=True,
+                        allowPrivilegeEscalation=False,
+                        runAsNonRoot=True,
+                        runAsUser=3000,
+                        runAsGroup=3000,
+                    ),
+                )
+            ],
+        ),
+    )
+    assert pod.metadata
+    assert pod.metadata.name
+    assert pod.metadata.namespace
+    try:
+        await kube_client.create(pod)
+        start_time = time.time()
+        now = time.time()
+        completed = False
+        while start_time + 30 > now and not completed:
+            found_pod = await kube_client.get(Pod, name=pod.metadata.name, namespace=pod.metadata.namespace)
+            if (
+                found_pod.status
+                and found_pod.status.containerStatuses
+                and found_pod.status.containerStatuses[0].lastState
+                and found_pod.status.containerStatuses[0].lastState.terminated
+                and found_pod.status.containerStatuses[0].lastState.terminated.reason == "Completed"
+            ):
+                completed = True
+            else:
+                now = time.time()
+                await asyncio.sleep(1)
+        else:
+            if start_time + 30 > now:
+                raise RuntimeError(
+                    f"Pod {pod.metadata.name} did not start in time "
+                    f"(failed after {time.time() - now} seconds), "
+                    f"pod status: {found_pod.status}"
+                )
+
+        log_lines = ""
+        async for log_line in kube_client.log(pod.metadata.name, namespace=pod.metadata.namespace, container="cmd"):
+            log_lines += log_line
+        return log_lines
+    finally:
+        await kube_client.delete(Pod, name=pod.metadata.name, namespace=namespace)