5 Essential Updates in Kubernetes v1.36 Memory QoS You Need to Know
<p>Kubernetes v1.36 brings significant enhancements to the Memory QoS feature, originally introduced in v1.22 and refined in v1.27. Still in alpha, the feature refines how the kernel manages container memory using the cgroup v2 memory controller. The key developments include a new opt-in memory reservation policy, tiered memory protection based on workload priority, better observability, and kernel version warnings. Together, these changes give cluster administrators finer control over resource allocation, reduce the risk of out-of-memory (OOM) kills, and improve system stability. Below, we break down the five most important aspects of the Memory QoS improvements in Kubernetes v1.36.</p>
<h2 id="item1">1. Opt-In Memory Reservation with <code>memoryReservationPolicy</code></h2>
<p>In v1.36, memory reservation behavior is decoupled from throttling. Enabling the MemoryQoS feature gate activates <code>memory.high</code> throttling (with a default throttling factor of 0.9), while reservation is controlled by a new kubelet configuration field: <code>memoryReservationPolicy</code>. The default, <code>None</code>, writes no <code>memory.min</code> or <code>memory.low</code> values, so only throttling is in effect. To opt into reservations, set the policy to <code>TieredReservation</code>, which writes tiered memory protection based on the Pod's QoS class. This separation allows administrators to first enable throttling, observe workload behavior, and then gradually introduce memory protection only when the node has enough headroom, reducing the risk of over-reservation.</p>
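<p>As a sketch, a kubelet configuration opting into the behavior described above might look like the following. The <code>memoryReservationPolicy</code> field and its <code>TieredReservation</code> value are the new additions this article describes; the exact placement of the field in the configuration file is an assumption.</p>

```yaml
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
featureGates:
  MemoryQoS: true               # enables memory.high throttling
memoryThrottlingFactor: 0.9     # default throttling factor
memoryReservationPolicy: TieredReservation  # opt in to memory.min/memory.low writes (assumed field name per this release)
```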
<h2 id="item2">2. Tiered Protection by QoS Class</h2>
<p>When <code>TieredReservation</code> is enabled, the kubelet applies different levels of memory protection:</p>
<ul>
<li><strong>Guaranteed Pods</strong> receive hard protection via <code>memory.min</code>. The kernel will never reclaim this memory, and if the guarantee cannot be met, it invokes the OOM killer on other processes. For example, a Guaranteed Pod requesting 512 MiB sets <code>memory.min</code> to 536870912 bytes.</li>
<li><strong>Burstable Pods</strong> get soft protection via <code>memory.low</code>. The kernel avoids reclaiming under normal pressure but may reclaim it to avoid system-wide OOM. The same 512 MiB request sets <code>memory.low</code>.</li>
<li><strong>BestEffort Pods</strong> receive neither <code>memory.min</code> nor <code>memory.low</code>, making their memory fully reclaimable.</li>
</ul>
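<p>The tiered mapping above can be sketched in a few lines of Python. This is an illustration of the policy as described, not kubelet source code; the <code>tiered_reservation</code> helper is a hypothetical name.</p>

```python
# Sketch of the TieredReservation mapping: a memory request is written to
# the cgroup v2 interface file that matches the Pod's QoS class.

MIB = 1024 * 1024

def tiered_reservation(qos_class: str, request_bytes: int) -> dict:
    """Return the cgroup v2 memory settings for a given QoS class."""
    if qos_class == "Guaranteed":
        return {"memory.min": request_bytes}   # hard protection, never reclaimed
    if qos_class == "Burstable":
        return {"memory.low": request_bytes}   # soft protection, reclaimable under pressure
    return {}                                  # BestEffort: fully reclaimable

print(tiered_reservation("Guaranteed", 512 * MIB))  # {'memory.min': 536870912}
```

<p>Running this for a 512 MiB request reproduces the 536870912-byte figure from the Guaranteed example above.</p>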
<p>This tiered approach ensures critical workloads are protected while allowing flexibility under extreme memory pressure, reducing unnecessary OOM kills.</p>
<h2 id="item3">3. Why the Change from v1.27? Better Headroom Management</h2>
<p>In earlier versions (v1.22–v1.27), enabling MemoryQoS immediately set <code>memory.min</code> for every container with a memory request, creating a hard reservation that the kernel could not reclaim. On a node with 8 GiB RAM and Burstable Pods requesting 7 GiB, that 7 GiB would be locked, leaving little headroom for system daemons or BestEffort workloads, increasing OOM risks. Version 1.36 addresses this by mapping Burstable requests to <code>memory.low</code> instead of <code>memory.min</code> when using <code>TieredReservation</code>. Only Guaranteed Pods get the hard <code>memory.min</code>, reducing the total hard reservation and allowing the kernel to reclaim Burstable memory under severe pressure. This results in far better resource sharing and system resilience.</p>
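<p>The headroom difference is easy to quantify with the article's own numbers. The arithmetic below compares the total hard reservation under the old behavior and under <code>TieredReservation</code>:</p>

```python
# Worked example from the text: an 8 GiB node whose Burstable Pods request 7 GiB.
GIB = 1024 ** 3
node_capacity = 8 * GIB
burstable_requests = 7 * GIB
guaranteed_requests = 0  # no Guaranteed Pods in this example

# v1.22-v1.27 behavior: every memory request became a hard memory.min reservation.
old_hard_reservation = guaranteed_requests + burstable_requests

# v1.36 TieredReservation: only Guaranteed requests become memory.min;
# Burstable requests become reclaimable memory.low instead.
new_hard_reservation = guaranteed_requests

print(f"old headroom: {(node_capacity - old_hard_reservation) / GIB:.0f} GiB")  # 1 GiB
print(f"new headroom: {(node_capacity - new_hard_reservation) / GIB:.0f} GiB")  # 8 GiB
```

<p>Under the old behavior only 1 GiB remained unreserved for system daemons and BestEffort workloads; with tiered reservation the full 7 GiB of Burstable memory stays reclaimable under severe pressure.</p>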
<h2 id="item4">4. New Observability Metrics for Memory QoS</h2>
<p>Kubernetes v1.36 introduces two alpha-level metrics on the kubelet <code>/metrics</code> endpoint to help administrators monitor memory QoS behavior:</p>
<ul>
<li><code>kubelet_memory_qos_node_memory_min_bytes</code> – total <code>memory.min</code> assigned across all Guaranteed Pods.</li>
<li><code>kubelet_memory_qos_node_memory_low_bytes</code> – total <code>memory.low</code> assigned across all Burstable Pods.</li>
</ul>
<p>These metrics allow operators to track how much memory is hard- or soft-reserved, compare it against node capacity, and tune reservations accordingly. By providing visibility into the actual protection levels, administrators can make informed decisions about resource allocation and avoid over-reservation that leads to OOM risks.</p>
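<p>A minimal sketch of reading these two gauges from a scraped <code>/metrics</code> payload follows. The sample text and its values are illustrative, not real kubelet output; the <code>read_gauge</code> helper is a hypothetical name.</p>

```python
# Sketch: extracting the two alpha gauges from Prometheus exposition-format text.
sample = """\
kubelet_memory_qos_node_memory_min_bytes 536870912
kubelet_memory_qos_node_memory_low_bytes 2147483648
"""

def read_gauge(metrics_text: str, name: str) -> int:
    """Return the value of the first metric line starting with `name`."""
    for line in metrics_text.splitlines():
        if line.startswith(name):
            return int(float(line.split()[-1]))
    raise KeyError(name)

hard = read_gauge(sample, "kubelet_memory_qos_node_memory_min_bytes")
soft = read_gauge(sample, "kubelet_memory_qos_node_memory_low_bytes")
print(f"hard-reserved: {hard} bytes, soft-protected: {soft} bytes")
```

<p>Comparing the sum of these two values against node allocatable memory is a simple way to spot over-reservation before it causes OOM pressure.</p>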
<h2 id="item5">5. Kernel Version Warning for <code>memory.high</code></h2>
<p>Because the Memory QoS feature relies on the cgroup v2 memory controller, it requires a Linux kernel version 5.4 or newer. In v1.36, the kubelet now emits a warning when it detects that the kernel does not support <code>memory.high</code> (an essential cgroup v2 file for throttling). This warning appears in the kubelet logs and alerts administrators to upgrade their kernel if they intend to use Memory QoS. This proactive feedback helps avoid silent failures or unexpected behavior when the feature is enabled on unsupported kernels. It’s a small but important quality-of-life improvement that ensures clusters operate correctly.</p>
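<p>For administrators who want to verify support before enabling the feature gate, a preflight check could look like the sketch below. The version threshold comes from the text; the <code>memory_high_supported</code> helper and the <code>init.scope</code> path are illustrative assumptions, not the kubelet's actual detection logic.</p>

```python
# Sketch of the two checks the kubelet warning implies: a minimum kernel
# version (5.4 per the text) and the presence of memory.high in the
# cgroup v2 hierarchy.
import os

def kernel_at_least(release: str, minimum=(5, 4)) -> bool:
    """Compare a `uname -r` style string such as '5.10.0-28-amd64'."""
    parts = release.split("-")[0].split(".")
    return tuple(int(p) for p in parts[:2]) >= minimum

def memory_high_supported(cgroup_root: str = "/sys/fs/cgroup") -> bool:
    # On a cgroup v2 host, memory.high exists in non-root memory cgroups.
    return os.path.exists(os.path.join(cgroup_root, "init.scope", "memory.high"))

print(kernel_at_least("5.10.0-28-amd64"))  # True
print(kernel_at_least("4.19.0-26-amd64"))  # False
```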
<p>In conclusion, Kubernetes v1.36 Memory QoS brings much-needed flexibility and safety to memory management. By decoupling throttling from reservation, implementing tiered protection, adding observability, and issuing kernel warnings, the feature empowers operators to take control of memory without risking system stability. As the feature progresses toward beta and GA, these enhancements lay a solid foundation for more predictable and efficient resource utilization in Kubernetes clusters.</p>