Kubernetes v1.36 brings significant enhancements to the Memory QoS feature, originally introduced in v1.22 and refined in v1.27. Now in its alpha stage, this update refines how the kernel manages container memory using the cgroup v2 memory controller. The key developments include a new opt-in memory reservation policy, tiered memory protection based on workload priority, better observability, and critical kernel version warnings. These changes aim to give cluster administrators finer control over resource allocation, reduce the risk of out-of-memory (OOM) kills, and improve system stability. Below, we break down the five most important aspects you need to understand about the Memory QoS improvements in Kubernetes v1.36.
1. Opt-In Memory Reservation with memoryReservationPolicy
In v1.36, the memory reservation behavior is now decoupled from throttling. Enabling the MemoryQoS feature gate activates memory.high throttling (default 0.9 factor), but reservation is controlled by a new kubelet configuration field: memoryReservationPolicy. By default set to None, this means no memory.min or memory.low is written, and only throttling works. To opt into reservations, set the policy to TieredReservation, which writes tiered memory protection based on the Pod's QoS class. This separation allows administrators to first enable throttling, observe workload behavior, and then gradually introduce memory protection only when the node has enough headroom, reducing the risk of over-reservation.
2. Tiered Protection by QoS Class
When TieredReservation is enabled, the kubelet applies different levels of memory protection:
- Guaranteed Pods receive hard protection via
memory.min. The kernel will never reclaim this memory, and if the guarantee cannot be met, it invokes the OOM killer on other processes. For example, a Guaranteed Pod requesting 512 MiB setsmemory.minto 536870912 bytes. - Burstable Pods get soft protection via
memory.low. The kernel avoids reclaiming under normal pressure but may reclaim it to avoid system-wide OOM. The same 512 MiB request setsmemory.low. - BestEffort Pods receive neither
memory.minnormemory.low, making their memory fully reclaimable.
This tiered approach ensures critical workloads are protected while allowing flexibility under extreme memory pressure, reducing unnecessary OOM kills.
3. Why the Change from v1.27? Better Headroom Management
In earlier versions (v1.22–v1.27), enabling MemoryQoS immediately set memory.min for every container with a memory request, creating a hard reservation that the kernel could not reclaim. On a node with 8 GiB RAM and Burstable Pods requesting 7 GiB, that 7 GiB would be locked, leaving little headroom for system daemons or BestEffort workloads, increasing OOM risks. Version 1.36 addresses this by mapping Burstable requests to memory.low instead of memory.min when using TieredReservation. Only Guaranteed Pods get the hard memory.min, reducing the total hard reservation and allowing the kernel to reclaim Burstable memory under severe pressure. This results in far better resource sharing and system resilience.
4. New Observability Metrics for Memory QoS
Kubernetes v1.36 introduces two alpha-level metrics on the kubelet /metrics endpoint to help administrators monitor memory QoS behavior:
kubelet_memory_qos_node_memory_min_bytes– total memory.min assigned across all Guaranteed Pods.kubelet_memory_qos_node_memory_low_bytes– total memory.low assigned across all Burstable Pods.
These metrics allow operators to track how much memory is hard- or soft-reserved, compare it against node capacity, and tune reservations accordingly. By providing visibility into the actual protection levels, administrators can make informed decisions about resource allocation and avoid over-reservation that leads to OOM risks.
5. Kernel Version Warning for memory.high
Because the Memory QoS feature relies on the cgroup v2 memory controller, it requires a Linux kernel version 5.4 or newer. In v1.36, the kubelet now emits a warning when it detects that the kernel does not support memory.high (an essential cgroup v2 file for throttling). This warning appears in the kubelet logs and alerts administrators to upgrade their kernel if they intend to use Memory QoS. This proactive feedback helps avoid silent failures or unexpected behavior when the feature is enabled on unsupported kernels. It’s a small but important quality-of-life improvement that ensures clusters operate correctly.
In conclusion, Kubernetes v1.36 Memory QoS brings much-needed flexibility and safety to memory management. By decoupling throttling from reservation, implementing tiered protection, adding observability, and issuing kernel warnings, the feature empowers operators to take control of memory without risking system stability. As the feature progresses toward beta and GA, these enhancements lay a solid foundation for more predictable and efficient resource utilization in Kubernetes clusters.