Merge pull request #42055 from derekwaynecarr/sandbox-cgroup-parent

Automatic merge from submit-queue (batch tested with PRs 41962, 42055, 42062, 42019, 42054) dockershim puts pause container in pod cgroup **What this PR does / why we need it**: The CRI was not launching the pause container in the pod level cgroup. The non-CRI code path was.
2025-07-23 11:50:44 +00:00 · 2017-02-27 00:16:55 -08:00 · 2017-02-27 00:16:55 -08:00 · bc650d7ec7
commit bc650d7ec7
parent 05f3c715d7 0449b008a8
1 changed files with 10 additions and 0 deletions
--- a/pkg/kubelet/dockershim/docker_sandbox.go
+++ b/pkg/kubelet/dockershim/docker_sandbox.go
@ -470,6 +470,16 @@ func (ds *dockerService) makeSandboxDockerConfig(c *runtimeapi.PodSandboxConfig,
 	// Apply resource options.
 	setSandboxResources(hc)

+	// Apply cgroupsParent derived from the sandbox config.
+	if lc := c.GetLinux(); lc != nil {
+		// Apply Cgroup options.
+		cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.CgroupParent)
+		if err != nil {
+			return nil, fmt.Errorf("failed to generate cgroup parent in expected syntax for container %q: %v", c.Metadata.Name, err)
+		}
+		hc.CgroupParent = cgroupParent
+	}
+
 	// Set security options.
 	securityOpts, err := getSandboxSecurityOpts(c, ds.seccompProfileRoot, securityOptSep)
 	if err != nil {