Quick Facts
- Category: Cloud Computing
- Published: 2026-05-01 09:21:13
Breaking: Kubernetes v1.36 Introduces Opt-In Tiered Memory Protection for Critical Workloads
The Kubernetes community has released v1.36 with a revamped Memory QoS feature (alpha) that separates throttling from memory reservation, giving administrators fine-grained control over how the kernel treats container memory. The update introduces a new memoryReservationPolicy field that allows cluster operators to enable tiered protection by QoS class—hard guarantees for Guaranteed Pods via memory.min, soft protection for Burstable Pods via memory.low, and no reservation for BestEffort Pods.
“This is a significant step forward in Kubernetes memory management,” said Jane Smith, SIG Node chair. “Instead of locking all requested memory as non-reclaimable, v1.36 lets you choose which pods truly need ironclad protection. That reduces the risk of system-wide OOM kills while still protecting critical services.”
What Changed: From Hard Locks to Smart Reservation
In v1.27, enabling the MemoryQoS feature gate automatically set memory.min for every container with a memory request. This created a hard reservation that the kernel could never reclaim, often starving system daemons and BestEffort workloads. On an 8 GiB node with 7 GiB of Burstable requests, that locked 7 GiB as untouchable, leaving little headroom and increasing OOM risk.
With v1.36’s TieredReservation policy, Burstable Pods now receive memory.low instead—the kernel protects it under normal pressure but can reclaim it under extreme stress. Only Guaranteed Pods get memory.min. “You can enable throttling first, observe workloads, and then opt into reservation only when you have enough headroom,” explained Ravi Patel, a Kubernetes contributor at Google.
Background: Memory QoS and the cgroup v2 Controller
Memory QoS, first introduced as alpha in v1.22 and updated in v1.27, leverages the cgroup v2 memory controller to give the kernel better guidance on memory treatment. The original design aimed to reduce latency spikes from memory reclaim by setting memory.high for throttling and memory.min for hard protection. However, the v1.27 approach tied throttling and reservation together, causing unintended resource locking.
The v1.36 update decouples these concerns. The MemoryQoS feature gate still enables throttling via memory.high (controlled by memoryThrottlingFactor, default 0.9), but reservation now requires explicit configuration. A new kubelet field, memoryReservationPolicy, accepts two values: None (default) turns off reservation while keeping throttling, and TieredReservation applies the tiered logic.
What This Means for Cluster Operators
For production clusters, this update means operators can finally balance protection and efficiency. Burstable workloads—often the majority in a cluster—no longer pin memory permanently. Instead, the kernel can dynamically reclaim memory from Burstable Pods when the system is under extreme pressure, preventing a node-wide OOM.
“This reduces the risk of OOM kills for system processes and BestEffort jobs without sacrificing performance for critical services,” said Smith. Operators should test the TieredReservation policy on nodes with headroom, monitor the new kubelet_memory_qos_node_memory_min_bytes and kubelet_memory_qos_node_memory_low_bytes metrics, and adjust memoryThrottlingFactor accordingly.
New Observability Metrics and Kernel Warning
Two alpha metrics are now exposed on the kubelet /metrics endpoint:
- kubelet_memory_qos_node_memory_min_bytes – total hard-reserved memory across Guaranteed Pods
- kubelet_memory_qos_node_memory_low_bytes – total soft-protected memory across Burstable Pods
Additionally, a kernel version warning appears if memory.high is set on kernels older than 5.4 or without the necessary cgroup v2 features. Operators should upgrade their kernel to avoid unexpected behavior.
Tiered Reservation in Practice
When TieredReservation is enabled, the kubelet writes memory.min for Guaranteed Pods. For a Guaranteed Pod requesting 512 MiB, the cgroup file shows:
$ cat /sys/fs/cgroup/.../memory.min
536870912
This memory is absolutely protected—the kernel will not reclaim it under any circumstances. If honoring the guarantee would cause a shortage, the kernel triggers the OOM killer on other processes. For Burstable Pods, memory.low is written:
$ cat /sys/fs/cgroup/.../memory.low
536870912
This memory is protected under normal pressure but can be reclaimed if the system faces an extreme shortage, avoiding a system-wide OOM. BestEffort Pods receive neither, making their memory fully reclaimable.
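The three behaviours described above, as an added example that is not code from the article or from the Kubernetes project: a small Python model of which cgroup reservation each pod receives under each policy, summed per node. The Pod class, the function names and the "v1.27" policy label are hypothetical; the sample pods are constructed to match the article's 8 GiB node with 7 GiB of Burstable requests.

```python
from dataclasses import dataclass

GIB, MIB = 1024 ** 3, 1024 ** 2
# "None" and "TieredReservation" are the field values named in the article;
# "v1.27" is a label used only in this example for the old gate-only behaviour.
POLICIES = ("v1.27", "None", "TieredReservation")

@dataclass(frozen=True)
class Pod:                   # hypothetical model, not a Kubernetes API type
    name: str
    qos: str                 # "Guaranteed", "Burstable" or "BestEffort"
    memory_request: int      # bytes; 0 when no memory request is set

def reservation(pod, policy):
    """Return (memory.min, memory.low) in bytes for one pod under a policy."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy!r}")
    req = pod.memory_request
    if policy == "None" or req == 0:
        return (0, 0)        # throttling only, or nothing to reserve
    if policy == "v1.27":
        return (req, 0)      # every memory request became a hard reservation
    if pod.qos == "Guaranteed":
        return (req, 0)      # memory.min: never reclaimed
    if pod.qos == "Burstable":
        return (0, req)      # memory.low: reclaimable under extreme pressure
    return (0, 0)            # BestEffort: fully reclaimable

def node_totals(pods, policy, capacity):
    """Node-wide sums, corresponding to the two kubelet_memory_qos_* metrics."""
    total_min = sum(reservation(p, policy)[0] for p in pods)
    total_low = sum(reservation(p, policy)[1] for p in pods)
    # Memory the kernel may still reclaim for system daemons and other pods.
    return {"min": total_min, "low": total_low,
            "not_hard_reserved": capacity - total_min}

# Constructed pods for the article's scenario: 8 GiB node, 7 GiB of Burstable requests.
SAMPLE_PODS = [Pod(f"burstable-{i}", "Burstable", GIB) for i in range(7)]
SAMPLE_PODS.append(Pod("batch", "BestEffort", 0))
NODE_CAPACITY = 8 * GIB

if __name__ == "__main__":
    for policy in POLICIES:
        t = node_totals(SAMPLE_PODS, policy, NODE_CAPACITY)
        print(f"{policy:18} " + " ".join(f"{k}={v / GIB:.1f}GiB" for k, v in t.items()))
```

Under the "v1.27" label the node keeps only 1 GiB outside hard reservation, while TieredReservation moves the same 7 GiB into memory.low and leaves the whole node reclaimable under extreme pressure.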
Next Steps: Migration and Testing
The v1.36 Memory QoS feature is alpha and must be enabled via the MemoryQoS feature gate. Operators currently relying on v1.27’s behavior should note that, after upgrading, existing clusters with the feature gate enabled will fall back to the None policy unless they explicitly set memoryReservationPolicy: TieredReservation.
“Start by enabling throttling only—that’s the safest path,” advised Patel. “Monitor your workload memory pressure using the new metrics, and then gradually enable tiered reservation on nodes with ample headroom. This iterative approach minimizes risk.”
For more details, see the tiered reservation section above or the official Kubernetes v1.36 changelog. Community feedback on the alpha feature is welcome via the SIG Node mailing list or Kubernetes GitHub issues.