Kubernetes v1.36 Overhauls Memory Management: Tiered Protection and Opt-In Reservation Go Alpha

From Fonarow, the free encyclopedia of technology

Breaking: Kubernetes v1.36 Introduces Tiered Memory Protection with Memory QoS

Kubernetes v1.36, released today by the SIG Node team, brings a significant upgrade to the Memory QoS feature, now in its third alpha iteration. The update replaces the previous all-or-nothing memory reservation with a tiered, opt-in system designed to prevent system-wide OOM (out-of-memory) kills while preserving performance for critical workloads.

'This is a foundational change in how the kernel treats container memory under pressure,' said Dr. Elena Torres, lead for SIG Node. 'Instead of locking all requested memory as a hard guarantee, we now allow operators to choose soft protection for Burstable pods, reserving hard guarantees only for Guaranteed pods.'

What's New in v1.36

The key enhancement is the new memoryReservationPolicy kubelet configuration field, which separates throttling from reservation. Previously, enabling Memory QoS immediately set memory.min for every container with a memory request—a hard reservation the kernel could never reclaim. Now, administrators can first enable throttling alone, observe behavior, and then opt into tiered reservation.

Three policy options are available: None (default) applies throttling only; TieredReservation writes kernel cgroup values based on the pod's QoS class; and the legacy v1.27 behavior is retired. Under TieredReservation, Guaranteed pods receive memory.min (hard), Burstable pods receive memory.low (soft), and BestEffort pods receive no reservation.

'For a Guaranteed pod requesting 512 MiB, the kernel sets memory.min to that exact value,' explained Dr. Torres. 'If the system cannot honor it, the kernel will OOM-kill other processes. But for Burstable pods of the same size, we use memory.low, which under extreme pressure allows partial reclamation to avoid a node-wide crash.'

Comparison with v1.27 Behavior

In earlier versions, a node with 8 GiB RAM where Burstable pods requested 7 GiB would have all 7 GiB locked as memory.min, leaving almost no headroom for system daemons or BestEffort workloads. This increased OOM risk significantly. With v1.36, those same requests map to memory.low, giving the kernel flexibility to reclaim memory when needed.

'The old behavior was like tying the kernel's hands,' said Chen Wei, senior engineer at a major cloud provider who tested the alpha. 'Now we can run mixed workloads without fear of a sudden OOM kill because the kernel has breathing room.'
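
The class-to-cgroup mapping and the 8 GiB comparison above, worked through as an added Go example (not kubelet or Kubernetes project code). It sums what each policy would pin as memory.min and memory.low across a node; `Pod`, `Reserve`, `Headroom` and the `LegacyV127` label are hypothetical names, and the pod list is constructed (the article's 7 GiB of Burstable requests plus one 512 MiB Guaranteed pod).

```go
package main

import "fmt"

// None and TieredReservation are the article's values; LegacyV127 is a hypothetical label for the retired v1.27 behaviour.
const (
	None, TieredReservation, LegacyV127 = "None", "TieredReservation", "legacy-v1.27"
	MiB, GiB int64 = 1 << 20, 1 << 30
)

// Pod is a simplified model: QoS class plus per-container memory requests in bytes.
type Pod struct {
	Name, QoS string
	Requests  []int64
}

// Reservation is the node-wide sum of memory.min (hard) and memory.low (soft).
type Reservation struct{ MinBytes, LowBytes int64 }

// Reserve applies the QoS-class-to-cgroup mapping described in the article.
func Reserve(policy string, pods []Pod) Reservation {
	var r Reservation
	for _, p := range pods {
		for _, req := range p.Requests {
			switch {
			case req <= 0 || p.QoS == "BestEffort": // nothing to reserve
			case policy == LegacyV127, policy == TieredReservation && p.QoS == "Guaranteed":
				r.MinBytes += req // hard: the kernel never reclaims it
			case policy == TieredReservation && p.QoS == "Burstable":
				r.LowBytes += req // soft: reclaimable under extreme pressure
			} // policy None matches no case: throttling only, no reservation
		}
	}
	return r
}

// Headroom is the node memory not pinned by hard (memory.min) reservations.
func Headroom(capacity int64, r Reservation) int64 { return capacity - r.MinBytes }

func main() {
	pods := []Pod{ // constructed sample for an 8 GiB node
		{"db", "Guaranteed", []int64{512 * MiB}},
		{"api", "Burstable", []int64{4 * GiB, 3 * GiB}},
		{"batch", "BestEffort", nil},
	}
	for _, pol := range []string{LegacyV127, None, TieredReservation} {
		r := Reserve(pol, pods)
		fmt.Printf("%-18s min=%dMiB low=%dMiB headroom=%dMiB\n", pol, r.MinBytes/MiB, r.LowBytes/MiB, Headroom(8*GiB, r)/MiB)
	}
}
```

The two sums correspond to what the article says the kubelet_memory_qos_node_memory_min_bytes and kubelet_memory_qos_node_memory_low_bytes metrics report, so the same comparison can be made against a live node's values.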

Observability and Kernel Warnings

Two new alpha-level metrics are exposed on the kubelet /metrics endpoint: kubelet_memory_qos_node_memory_min_bytes and kubelet_memory_qos_node_memory_low_bytes, allowing operators to monitor total reserved memory per QoS class. Additionally, Kubernetes v1.36 will emit a warning if the kernel version does not support memory.high properly.

Background

Memory QoS was first introduced as alpha in Kubernetes v1.22, leveraging the cgroup v2 memory controller to give the kernel better guidance on container memory handling. It was updated in v1.27 and returns now in v1.36 with critical refinements based on community feedback.

The feature remains behind the MemoryQoS feature gate. Administrators must enable it manually and set memoryReservationPolicy: TieredReservation in the kubelet configuration to activate the new tiered protection.

What This Means

For cluster operators, v1.36 reduces the risk of system-wide OOM kills in overcommitted environments. By allowing Burstable pods' memory to be reclaimed under extreme pressure, the kernel can protect critical system processes and Guaranteed workloads.

This update also provides a safer path to adoption: operators can enable throttling first, monitor via the new metrics, and then enable tiered reservation when they have enough headroom. The change is particularly valuable for multi-tenant clusters with mixed QoS workloads.

'This is a win for both stability and efficiency,' Dr. Torres concluded. 'We expect this to pave the way for graduation to beta in a future release.'