Kubernetes v1.36 Memory QoS: 5 Key Enhancements for Tiered Memory Protection

Kubernetes v1.36 brings significant updates to the Memory QoS feature, first introduced in v1.22 and refined in v1.27. This feature leverages the cgroup v2 memory controller to give the Linux kernel clearer instructions on managing container memory, reducing the risk of out-of-memory (OOM) kills and improving overall node stability. In this release, the focus is on fine-grained memory reservation, tiered protection based on Pod QoS classes, and enhanced observability. Below are the five most important changes you need to know about.

1. What Is Memory QoS and Why It Matters

Memory QoS is a Kubernetes feature that allows the kubelet to set cgroup v2 memory parameters (memory.high, memory.min, memory.low) based on a Pod's memory request and QoS class. The goal is to prevent any single container from starving others of memory while also avoiding the need for the kernel to resort to OOM kills under pressure. In v1.36, Memory QoS remains alpha but introduces a safer, opt-in approach to memory reservation. Previously, enabling Memory QoS applied hard reservations (memory.min) to all containers with memory requests, which could lock up too much memory and cause OOM kills. The new design separates throttling from reservation, giving cluster operators more control and reducing risk.

2. The New memoryReservationPolicy: Throttling Without Reservation by Default

In v1.36, enabling the MemoryQoS feature gate still activates memory throttling via memory.high (controlled by memoryThrottlingFactor, default 0.9). However, the writing of memory.min and memory.low is now governed by a separate kubelet configuration field, memoryReservationPolicy. By default, this policy is set to None, meaning no reservation files are written—only throttling occurs. This allows operators to safely enable throttling first, observe workloads, and only opt into reservation when the node has sufficient headroom. The alternative policy, TieredReservation, enables the new tiered protection based on QoS class. This separation is a crucial improvement, as it prevents accidental over-reservation that could lead to system instability.

3. Guaranteed Pods Get Hard Protection with memory.min

When memoryReservationPolicy is set to TieredReservation, Guaranteed Pods receive hard protection via memory.min. This means the kernel will never reclaim memory from these cgroups under any circumstances. For example, a Guaranteed Pod requesting 512 MiB of memory will have its cgroup's memory.min set to 536870912 bytes. If the node runs low on memory and the kernel cannot honor this guarantee, it will invoke the OOM killer on other processes to free pages. This is ideal for latency-sensitive applications that cannot tolerate memory stall. However, because it locks memory, it should be used judiciously—only for workloads with strict resource guarantees. The change from earlier versions is significant: previously, memory.min was applied to all containers, including Burstable ones, which could cause over-reservation. Now it's limited to Guaranteed Pods only.

4. Burstable Pods Get Soft Protection with memory.low

Burstable Pods under TieredReservation receive soft protection via memory.low. This tells the kernel to avoid reclaiming their memory under normal pressure, but it may reclaim it if the alternative is a system-wide OOM. For instance, a Burstable Pod requesting 512 MiB will have its memory.low set to the same value. This is a key improvement over v1.27, where Burstable Pods got memory.min—a hard reservation that could lock up huge amounts of memory. Consider an 8 GiB node with Burstable requests totaling 7 GiB: in v1.27, that 7 GiB would be locked as non-reclaimable, leaving little headroom for system daemons or BestEffort workloads. In v1.36, those Burstable requests map to memory.low, so under extreme pressure the kernel can reclaim some of it, avoiding unnecessary OOM kills. This makes the node more resilient.

5. BestEffort Pods, Observability Metrics, and Kernel Version Warning

BestEffort Pods receive neither memory.min nor memory.low—their memory remains fully reclaimable, as expected. To help operators monitor memory reservation, two alpha metrics are exposed on the kubelet's /metrics endpoint: kubelet_memory_qos_node_memory_min_bytes (total hard reserved memory across all Guaranteed cgroups) and kubelet_memory_qos_node_memory_low_bytes (total soft reserved memory across all Burstable cgroups). Additionally, the kubelet now emits a warning when the kernel version is older than 6.2, because the memory.high enforcement mechanism changed in newer kernels. This helps cluster operators avoid unexpected behavior. These enhancements make it easier to safely adopt Memory QoS and tune memory reservation for production clusters.

Conclusion

Kubernetes v1.36's Memory QoS updates represent a mature evolution of the feature, addressing critical pain points from earlier releases. By separating throttling from reservation and introducing tiered protection, the kubelet now provides a safer path to memory guarantees. Cluster operators can enable throttling first, then gradually opt into hard or soft reservation as needed. The new metrics and kernel warnings add transparency and help prevent misconfiguration. As always, test these alpha features in non-production environments before rolling out to critical workloads. With these changes, Kubernetes moves closer to offering robust, predictable memory management for all types of applications.