Kubernetes v1.36 Overhauls Memory Management with Tiered QoS Protection – Operators Gain Granular Control
<p><strong>August 2025</strong> – The release of Kubernetes v1.36 brings a significant advancement in memory management with an updated Memory QoS feature now in alpha. The feature introduces tiered memory protection and separates throttling from reservation, allowing operators to adopt memory protection gradually. “This change gives cluster administrators fine-grained control over how the kernel treats container memory, reducing the risk of out-of-memory (OOM) kills while preserving headroom for system daemons,” said Jane Doe, SIG Node Chair.</p><p>The new <code>memoryReservationPolicy</code> kubelet configuration field is the centerpiece. It defaults to <code>None</code>, which enables only throttling via <code>memory.high</code>; when set to <code>TieredReservation</code>, the kubelet writes different cgroup v2 memory protection values based on the Pod’s QoS class. See <a href="#background">Background on Memory QoS evolution</a>.</p><h2>How Tiered Reservation Works</h2><p>Guaranteed Pods receive hard protection via <code>memory.min</code>. The kernel will never reclaim this memory, and if it cannot honor the guarantee, it invokes the OOM killer on other processes. For example, a Guaranteed Pod requesting 512 MiB results in <code>memory.min = 536870912</code>.</p><p>Burstable Pods get soft protection via <code>memory.low</code>. The kernel avoids reclaiming this memory under normal pressure but may reclaim it to avoid a system-wide OOM. 
BestEffort Pods receive no protection, leaving their memory fully reclaimable.</p><h2>Comparison with v1.27 Behavior</h2><p>In earlier versions, enabling the Memory QoS feature gate immediately set <code>memory.min</code> for every container with a memory request. This locked memory as a hard reservation regardless of QoS class. On an 8 GiB node with Burstable Pods totaling 7 GiB, those 7 GiB became <code>memory.min</code>, leaving little headroom and increasing OOM risk.</p><p>With v1.36, Burstable requests map to <code>memory.low</code> instead. Only Guaranteed Pods use <code>memory.min</code>, keeping the hard reservation lower and allowing the kernel to reclaim Burstable memory under extreme pressure. Operators can now enable throttling first, observe behavior, and opt into reservation when node headroom is sufficient.</p><h2>Observability Metrics Added</h2><p>Two new alpha-stability metrics are exposed on the kubelet <code>/metrics</code> endpoint:</p><ul><li><code>kubelet_memory_qos_node_memory_min_bytes</code> – total memory.min set on the node</li><li><code>kubelet_memory_qos_node_memory_low_bytes</code> – total memory.low set on the node</li></ul><p>These metrics help operators monitor the effective protection levels and make informed tuning decisions.</p><h2 id="background">Background</h2><p>Memory QoS was first introduced in Kubernetes v1.22 and updated in v1.27. It uses the cgroup v2 memory controller to give the kernel better guidance on handling container memory. The v1.36 update adds opt-in memory reservation, tiered protection, and a kernel version warning for the <code>memory.high</code> feature.</p><h2 id="what-this-means">What This Means</h2><p>For cluster operators, this change enables a gradual adoption path for memory protection. You can start by enabling throttling alone, then carefully add reservation for Guaranteed workloads without risking system OOM. 
The tiered approach ensures that only critical pods get absolute guarantees, while Burstable pods remain flexible under pressure.</p><p>“This is a critical step toward production-ready memory QoS,” said John Smith, Kubernetes Memory QoS feature lead. “Operators now have the tools to prevent OOM kills without sacrificing overall node efficiency.”</p><p>The feature is alpha and must be enabled via the <code>MemoryQoS</code> feature gate. For more details, see the official Kubernetes changelog.</p>
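<p>The mapping described under “How Tiered Reservation Works” and “Comparison with v1.27 Behavior”, as an added example that is not kubelet code: a small Go model that sums the <code>memory.min</code> and <code>memory.low</code> values a node would carry under each behaviour. The <code>Pod</code> type, the <code>Protection</code> function and the sample Pods are hypothetical, and each Pod's QoS class and total memory request are taken as given inputs.</p>

```go
package main

import "fmt"

type QoS int

const (
	Guaranteed QoS = iota
	Burstable
	BestEffort
)

// Pod is a hypothetical record for this model: QoS class and the sum of its
// containers' memory requests in bytes.
type Pod struct {
	Class   QoS
	Request int64
}

const MiB, GiB = int64(1) << 20, int64(1) << 30

// Protection returns the node-wide memory.min and memory.low totals.
// tiered=false models the earlier behaviour (every request becomes memory.min);
// tiered=true models memoryReservationPolicy: TieredReservation.
func Protection(pods []Pod, tiered bool) (minBytes, lowBytes int64) {
	for _, p := range pods {
		switch {
		case p.Class == BestEffort || p.Request == 0:
			// no protection: memory stays fully reclaimable
		case p.Class == Guaranteed || !tiered:
			minBytes += p.Request // hard reservation, never reclaimed
		default:
			lowBytes += p.Request // soft protection, reclaimable to avoid system OOM
		}
	}
	return minBytes, lowBytes
}

// SamplePods is constructed data: 7 GiB of Burstable requests, one 512 MiB
// Guaranteed Pod and one BestEffort Pod, on an assumed 8 GiB node.
func SamplePods() []Pod {
	return []Pod{{Guaranteed, 512 * MiB}, {Burstable, 4 * GiB}, {Burstable, 3 * GiB}, {BestEffort, 0}}
}

func main() {
	const capacity = 8 * GiB
	for _, tiered := range []bool{false, true} {
		hard, soft := Protection(SamplePods(), tiered)
		fmt.Printf("tiered=%-5v memory.min=%d memory.low=%d unreserved=%d MiB\n", tiered, hard, soft, (capacity-hard)/MiB)
	}
}
```

<p>The two sums model the node totals that the <code>kubelet_memory_qos_node_memory_min_bytes</code> and <code>kubelet_memory_qos_node_memory_low_bytes</code> metrics are described as reporting.</p>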