/kind bug

When shrinking the pod-level memory limits (sum of container limits iff all containers have limits), the Kubelet checks the current pod memory usage, and doesn't apply the new limits if the new limits < current usage. However, the Kubelet doesn't place the same restriction on containers, and we don't require container runtimes to make the same check.

In practice, this means that for a single container pod, decreasing the memory limit below usage will result in the resize being indefinitely in progress, but for a multiple container pod, if some containers have sufficient free memory, you can shrink the memory limits below usage for a container in the pod, resulting in that container being OOM-killed.

What is the desired behavior here?

https://docs.google.com/document/d/1cEFLXKwNOSNLAkzyhoJUgkBW0OiX-9bXB_aJV7OAypw/edit?tab=t.0 provides more background information and several options for how this should be handled.

/sig node
/priority important-soon