From 5ea4dd92720f0361714d1953976272fb82fbed19 Mon Sep 17 00:00:00 2001 From: iamluc Date: Fri, 18 Oct 2024 15:57:01 +0200 Subject: [PATCH 1/3] Increase the cpu/memory requests for the init container + create new configs to set the limits --- .../auto_instrumentation.go | 23 ++++++++++++++----- pkg/config/config_template.yaml | 16 +++++++++++-- 2 files changed, 31 insertions(+), 8 deletions(-) diff --git a/pkg/clusteragent/admission/mutate/autoinstrumentation/auto_instrumentation.go b/pkg/clusteragent/admission/mutate/autoinstrumentation/auto_instrumentation.go index c2fbdd7b0cbdd..202ccf904d413 100644 --- a/pkg/clusteragent/admission/mutate/autoinstrumentation/auto_instrumentation.go +++ b/pkg/clusteragent/admission/mutate/autoinstrumentation/auto_instrumentation.go @@ -40,7 +40,7 @@ const ( mountPath = "/datadog-lib" // defaultMilliCPURequest defines default milli cpu request number. - defaultMilliCPURequest int64 = 50 // 0.05 core + defaultMilliCPURequest int64 = 300 // 0.3 core // defaultMemoryRequest defines default memory request size. defaultMemoryRequest int64 = 100 * 1024 * 1024 // 100 MB (recommended minimum by Alpine) @@ -651,7 +651,6 @@ func (w *Webhook) injectAutoInstruConfig(pod *corev1.Pod, config extractedPodLib } func initResources() (corev1.ResourceRequirements, error) { - var resources = corev1.ResourceRequirements{Limits: corev1.ResourceList{}, Requests: corev1.ResourceList{}} if pkgconfigsetup.Datadog().IsSet("admission_controller.auto_instrumentation.init_resources.cpu") { 
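Review bot: Raising `defaultMilliCPURequest` to 300 in the `@@ -40,7 +40,7 @@` hunk changes what every injected pod reserves at scheduling time, and the constant's comment gives no reason for the new value. Kubernetes takes a pod's effective CPU request as the larger of the highest init-container request and the sum of the app containers, so a workload asking for less than 300m will now need 300m free on a node and count that much against any namespace quota on requests. I would record this next to the value, for example `// 0.3 core (<reason for the increase>); raises the pod's effective CPU request when the app containers ask for less`. The `const` block starts and ends outside the hunk.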
@@ -660,10 +659,16 @@ func initResources() (corev1.ResourceRequirements, error) { return resources, err } resources.Requests[corev1.ResourceCPU] = quantity - resources.Limits[corev1.ResourceCPU] = quantity } else { resources.Requests[corev1.ResourceCPU] = *resource.NewMilliQuantity(defaultMilliCPURequest, resource.DecimalSI) - resources.Limits[corev1.ResourceCPU] = *resource.NewMilliQuantity(defaultMilliCPURequest, resource.DecimalSI) + } + + if pkgconfigsetup.Datadog().IsSet("admission_controller.auto_instrumentation.init_resources.cpu_limit") { + quantity, err := resource.ParseQuantity(pkgconfigsetup.Datadog().GetString("admission_controller.auto_instrumentation.init_resources.cpu_limit")) + if err != nil { + return resources, err + } + resources.Limits[corev1.ResourceCPU] = quantity } if pkgconfigsetup.Datadog().IsSet("admission_controller.auto_instrumentation.init_resources.memory") { @@ -672,10 +677,16 @@ func initResources() (corev1.ResourceRequirements, error) { return resources, err } resources.Requests[corev1.ResourceMemory] = quantity - resources.Limits[corev1.ResourceMemory] = quantity } else { resources.Requests[corev1.ResourceMemory] = *resource.NewQuantity(defaultMemoryRequest, resource.DecimalSI) - resources.Limits[corev1.ResourceMemory] = *resource.NewQuantity(defaultMemoryRequest, resource.DecimalSI) + } + + if pkgconfigsetup.Datadog().IsSet("admission_controller.auto_instrumentation.init_resources.memory_limit") { + quantity, err := resource.ParseQuantity(pkgconfigsetup.Datadog().GetString("admission_controller.auto_instrumentation.init_resources.memory_limit")) + if err != nil { + return resources, err + } + resources.Limits[corev1.ResourceMemory] = quantity } return resources, nil diff --git a/pkg/config/config_template.yaml b/pkg/config/config_template.yaml index 2589f17e8d9a9..7a246cd10f4b4 100644 --- a/pkg/config/config_template.yaml +++ b/pkg/config/config_template.yaml 
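Review bot: The new `cpu_limit` branch in the `@@ -660,10 +659,16 @@` hunk stores the parsed quantity without comparing it to `resources.Requests[corev1.ResourceCPU]`, and the `memory_limit` branch in the next hunk has the same gap. Kubernetes rejects a container whose limit is lower than its request, so a `cpu_limit` below the configured or default 300m request would make pods mutated by this webhook fail at creation time instead of failing when the webhook is built. Returning an error from `initResources` surfaces the misconfiguration early; judging by the test file in this series, that error reaches the caller of `NewWebhook`. The sketch assumes `fmt` is already imported in this file, and `initResources` begins and ends outside the hunk.

```go
	if pkgconfigsetup.Datadog().IsSet("admission_controller.auto_instrumentation.init_resources.cpu_limit") {
		// … unchanged: ParseQuantity of cpu_limit and its error return …
		// A limit below the request is rejected by the API server for every injected pod,
		// so refuse the configuration here instead.
		if req := resources.Requests[corev1.ResourceCPU]; quantity.Cmp(req) < 0 {
			return resources, fmt.Errorf("init_resources.cpu_limit %s is lower than the cpu request %s", quantity.String(), req.String())
		}
		resources.Limits[corev1.ResourceCPU] = quantity
```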
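Review bot: After the `@@ -672,10 +677,16 @@` hunk the init container carries no memory limit unless `init_resources.memory_limit` is set, and nothing in the code says this is intended; the CPU hunk above behaves the same way. An existing `init_resources.memory` value used to cap the container and now only sets the request. Namespaces with a ResourceQuota on `limits.memory` or `limits.cpu` and no LimitRange default reject pods whose containers omit limits, and a pod that was Guaranteed QoS before injection becomes Burstable because init containers count towards the QoS class. I would state the contract above the new block, e.g. `// No memory limit is applied unless init_resources.memory_limit is set; init_resources.memory only sets the request.`, and mention the upgrade impact in the release note. `initResources` begins and ends outside the hunk.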
@@ -3108,16 +3108,28 @@ api_key: ## @param cpu - string - optional ## @env DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_INIT_RESOURCES_CPU - string - optional - ## Configures the CPU request and limit for the init containers. + ## Configures the CPU request for the init containers. + # + # cpu: + + ## @param cpu_limit - string - optional + ## @env DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_INIT_RESOURCES_CPU_LIMIT - string - optional + ## Configures the CPU limit for the init containers. # # cpu: ## @param memory - string - optional ## @env DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_INIT_RESOURCES_MEMORY - string - optional - ## Configures the memory request and limit for the init containers. + ## Configures the memory request for the init containers. # # memory: + ## @param memory_limit - string - optional + ## @env DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_INIT_RESOURCES_MEMORY_LIMIT - string - optional + ## Configures the memory limit for the init containers. + # + # memory_limit: + ## @param init_security_context - json - optional ## @env DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_INIT_SECURITY_CONTEXT - json - optional ## Security context for the init containers in JSON format. Follows the Kubernetes security context spec, From ad978838e1206b9c45ac3c3cc78a0827ecf35e24 Mon Sep 17 00:00:00 2001 From: iamluc Date: Fri, 18 Oct 2024 17:26:01 +0200 Subject: [PATCH 2/3] Fix tests --- .../auto_instrumentation_test.go | 72 +++++++++++++------ 1 file changed, 52 insertions(+), 20 deletions(-) diff --git a/pkg/clusteragent/admission/mutate/autoinstrumentation/auto_instrumentation_test.go b/pkg/clusteragent/admission/mutate/autoinstrumentation/auto_instrumentation_test.go index 2e776c6c78b3b..9ddfe0a30b5d6 100644 --- a/pkg/clusteragent/admission/mutate/autoinstrumentation/auto_instrumentation_test.go +++ b/pkg/clusteragent/admission/mutate/autoinstrumentation/auto_instrumentation_test.go 
@@ -1080,16 +1080,18 @@ func TestInjectLibConfig(t *testing.T) { func TestInjectLibInitContainer(t *testing.T) { tests := []struct { - name string - cpu string - mem string - pod *corev1.Pod - image string - lang language - wantErr bool - wantCPU string - wantMem string - secCtx *corev1.SecurityContext + name string + cpu string + cpuLimit string + mem string + memLimit string + pod *corev1.Pod + image string + lang language + wantErr bool + wantCPU string + wantMem string + secCtx *corev1.SecurityContext }{ { name: "no resources, no security context", @@ -1097,7 +1099,7 @@ func TestInjectLibInitContainer(t *testing.T) { image: "gcr.io/datadoghq/dd-lib-java-init:v1", lang: java, wantErr: false, - wantCPU: "50m", + wantCPU: "300m", wantMem: "100Mi", secCtx: &corev1.SecurityContext{}, }, @@ -1124,6 +1126,18 @@ func TestInjectLibInitContainer(t *testing.T) { wantMem: "100Mi", secCtx: &corev1.SecurityContext{}, }, + { + name: "cpu and memory limits", + pod: common.FakePod("java-pod"), + cpuLimit: "600m", + memLimit: "400Mi", + image: "gcr.io/datadoghq/dd-lib-java-init:v1", + lang: java, + wantErr: false, + wantCPU: "300m", + wantMem: "100Mi", + secCtx: &corev1.SecurityContext{}, + }, { name: "memory only", pod: common.FakePod("java-pod"), @@ -1131,7 +1145,7 @@ func TestInjectLibInitContainer(t *testing.T) { image: "gcr.io/datadoghq/dd-lib-java-init:v1", lang: java, wantErr: false, - wantCPU: "50m", + wantCPU: "300m", wantMem: "512Mi", secCtx: &corev1.SecurityContext{}, }, @@ -1142,7 +1156,7 @@ func TestInjectLibInitContainer(t *testing.T) { image: "gcr.io/datadoghq/dd-lib-java-init:v1", lang: java, wantErr: true, - wantCPU: "50m", + wantCPU: "300m", wantMem: "100Mi", secCtx: &corev1.SecurityContext{}, }, @@ -1152,7 +1166,7 @@ func TestInjectLibInitContainer(t *testing.T) { image: "gcr.io/datadoghq/dd-lib-java-init:v1", lang: java, wantErr: false, - wantCPU: "50m", + wantCPU: "300m", wantMem: "100Mi", secCtx: &corev1.SecurityContext{ Capabilities: &corev1.Capabilities{ 
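Review bot: The `cpu and memory limits` case added in the `@@ -1124,6 +1126,18 @@` hunk only exercises valid limits combined with the default requests, so the two new `ParseQuantity` error returns in `initResources` are never hit. A case with an unparsable limit, such as `cpuLimit: "foo", wantErr: true` (constructed value), would cover them. A case that sets `cpu`/`mem` together with `cpuLimit`/`memLimit` would show that the request and the limit are now configured independently. The test table starts and ends outside this hunk.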
@@ -1190,7 +1204,7 @@ func TestInjectLibInitContainer(t *testing.T) { image: "gcr.io/datadoghq/dd-lib-java-init:v1", lang: java, wantErr: false, - wantCPU: "50m", + wantCPU: "300m", wantMem: "100Mi", secCtx: &corev1.SecurityContext{ Capabilities: &corev1.Capabilities{ @@ -1217,9 +1231,15 @@ func TestInjectLibInitContainer(t *testing.T) { if tt.cpu != "" { conf.SetWithoutSource("admission_controller.auto_instrumentation.init_resources.cpu", tt.cpu) } + if tt.cpuLimit != "" { + conf.SetWithoutSource("admission_controller.auto_instrumentation.init_resources.cpu_limit", tt.cpuLimit) + } if tt.mem != "" { conf.SetWithoutSource("admission_controller.auto_instrumentation.init_resources.memory", tt.mem) } + if tt.memLimit != "" { + conf.SetWithoutSource("admission_controller.auto_instrumentation.init_resources.memory_limit", tt.memLimit) + } wh, err := NewWebhook(wmeta, GetInjectionFilter()) if (err != nil) != tt.wantErr { 
@@ -1245,16 +1265,28 @@ func TestInjectLibInitContainer(t *testing.T) { require.Len(t, tt.pod.Spec.InitContainers, 1) req := tt.pod.Spec.InitContainers[0].Resources.Requests[corev1.ResourceCPU] - lim := tt.pod.Spec.InitContainers[0].Resources.Limits[corev1.ResourceCPU] wantCPUQuantity := resource.MustParse(tt.wantCPU) - require.Zero(t, wantCPUQuantity.Cmp(req)) // Cmp returns 0 if equal - require.Zero(t, wantCPUQuantity.Cmp(lim)) + require.Zero(t, wantCPUQuantity.Cmp(req)) + + lim, ok := tt.pod.Spec.InitContainers[0].Resources.Limits[corev1.ResourceCPU] + if tt.cpuLimit != "" { + limCPU := resource.MustParse(tt.cpuLimit) + require.Zero(t, lim.Cmp(limCPU)) + } else { + require.False(t, ok) + } req = tt.pod.Spec.InitContainers[0].Resources.Requests[corev1.ResourceMemory] - lim = tt.pod.Spec.InitContainers[0].Resources.Limits[corev1.ResourceMemory] wantMemQuantity := resource.MustParse(tt.wantMem) require.Zero(t, wantMemQuantity.Cmp(req)) - require.Zero(t, wantMemQuantity.Cmp(lim)) + + lim, ok = tt.pod.Spec.InitContainers[0].Resources.Limits[corev1.ResourceMemory] + if tt.memLimit != "" { + limMem := resource.MustParse(tt.memLimit) + require.Zero(t, lim.Cmp(limMem)) + } else { + require.False(t, ok) + } expSecCtx := tt.pod.Spec.InitContainers[0].SecurityContext require.Equal(t, tt.secCtx, expSecCtx) From 6fd73870493458b890e7a98c9b1a3968860b9de1 Mon Sep 17 00:00:00 2001 From: iamluc Date: Fri, 18 Oct 2024 17:47:43 +0200 Subject: [PATCH 3/3] Fix typo --- pkg/config/config_template.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/config/config_template.yaml b/pkg/config/config_template.yaml index 7a246cd10f4b4..88d208cd4ebc7 100644 --- a/pkg/config/config_template.yaml +++ b/pkg/config/config_template.yaml 
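Review bot: In the `@@ -1245,16 +1265,28 @@` hunk the positive branches compare `lim` with the expected limit but never check `ok`, so a missing key is only caught indirectly through the zero `Quantity`. A limit configured as `"0"` would pass whether or not the key is present. Adding `require.True(t, ok)` before `require.Zero(t, lim.Cmp(limCPU))` and before `require.Zero(t, lim.Cmp(limMem))` makes the intent explicit and the failure message clearer. The removed `// Cmp returns 0 if equal` comment was a useful hint for readers and could stay on the first comparison. The test function starts and ends outside the hunk.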
@@ -3116,7 +3116,7 @@ api_key: ## @env DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_INIT_RESOURCES_CPU_LIMIT - string - optional ## Configures the CPU limit for the init containers. # - # cpu: + # cpu_limit: ## @param memory - string - optional ## @env DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_INIT_RESOURCES_MEMORY - string - optional