Agent version
7.74.0
Bug Report
When a container has no CPU limit but a CPU request below 50m, the Admission Controller blocks APM auto-injection with the annotation:
apm.datadoghq.com/injection-error: "The overall pod's containers limit is too low, cpu pod_limit=10m needed=50m"
The container has no CPU limit, meaning unlimited CPU is available. However, PodSumResourceRequirements() in pkg/clusteragent/admission/mutate/autoinstrumentation/libraryinjection/resources.go copies the request value into the imit when no limit is set (line ~198), causing the minimum check to fail against the request value instead of recognizing that no limit means unlimited resources.
Not setting CPU limits is a widely recommended Kubernetes practice to avoid CPU throttling. This bug blocks APM injection for any pod following the practice with a low cpu request.
Reproduction Steps
- Deploy a pod with CPU request below 50m and no CPU limit:
containers:
- name: app
image: nginx
resources:
requests:
cpu: 10m
memory: 128Mi
limits:
memory: 256Mi
# No CPU limit
- APM auto-injection is skipped
- Check pod annotation: kubectl get pod -o jsonpath='{.metadata.annotations.apm.datadoghq.com/injection-error}'
- Returns: The overall pod's containers limit is too low, cpu pod_limit=10m needed=50m
Agent configuration
APM auto-instrumentation enabled with default settings. No DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_INIT_RESOURCES_CPU override.
Operating System
Ubuntu 22.04.05 LTS Kernel Version 5.15.0-1102-azure
Other environment details
AKS (Azure Kubernetes Service), Kubernetes 1.34, Datadog Cluster Agent 7.74.0 managed by Datadog Operator (Helm chart datadog-operator 2.17.0)
Agent version
7.74.0
Bug Report
When a container has no CPU limit but a CPU request below 50m, the Admission Controller blocks APM auto-injection with the annotation:
apm.datadoghq.com/injection-error: "The overall pod's containers limit is too low, cpu pod_limit=10m needed=50m"
The container has no CPU limit, meaning unlimited CPU is available. However, PodSumResourceRequirements() in pkg/clusteragent/admission/mutate/autoinstrumentation/libraryinjection/resources.go copies the request value into the imit when no limit is set (line ~198), causing the minimum check to fail against the request value instead of recognizing that no limit means unlimited resources.
Not setting CPU limits is a widely recommended Kubernetes practice to avoid CPU throttling. This bug blocks APM injection for any pod following the practice with a low cpu request.
Reproduction Steps
containers:
- name: app
image: nginx
resources:
requests:
cpu: 10m
memory: 128Mi
limits:
memory: 256Mi
# No CPU limit
Agent configuration
APM auto-instrumentation enabled with default settings. No DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_INIT_RESOURCES_CPU override.
Operating System
Ubuntu 22.04.05 LTS Kernel Version 5.15.0-1102-azure
Other environment details
AKS (Azure Kubernetes Service), Kubernetes 1.34, Datadog Cluster Agent 7.74.0 managed by Datadog Operator (Helm chart datadog-operator 2.17.0)