diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/cm/node_container_manager_linux.go b/vendor/k8s.io/kubernetes/pkg/kubelet/cm/node_container_manager_linux.go
index 29205730a39d..96eb8bdfba01 100644
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/cm/node_container_manager_linux.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/cm/node_container_manager_linux.go
@@ -38,10 +38,17 @@ const (
 
 //createNodeAllocatableCgroups creates Node Allocatable Cgroup when CgroupsPerQOS flag is specified as true
 func (cm *containerManagerImpl) createNodeAllocatableCgroups() error {
+	nodeAllocatable := cm.internalCapacity
+	// Use Node Allocatable limits instead of capacity if the user requested enforcing node allocatable.
+	nc := cm.NodeConfig.NodeAllocatableConfig
+	if cm.CgroupsPerQOS && nc.EnforceNodeAllocatable.Has(kubetypes.NodeAllocatableEnforcementKey) {
+		nodeAllocatable = cm.getNodeAllocatableInternalAbsolute()
+	}
+
 	cgroupConfig := &CgroupConfig{
 		Name: cm.cgroupRoot,
 		// The default limits for cpu shares can be very low which can lead to CPU starvation for pods.
-		ResourceParameters: getCgroupConfig(cm.internalCapacity),
+		ResourceParameters: getCgroupConfig(nodeAllocatable),
 	}
 	if cm.cgroupManager.Exists(cgroupConfig.Name) {
 		return nil