Kubernetes v1.36 Memory QoS: Smarter Memory Protection for Your Pods

Asked 2026-05-01 20:11:14 Category: Cloud Computing

Kubernetes v1.36 brings significant improvements to the Memory QoS feature (still alpha) that gives administrators finer control over how the kernel handles container memory. Originally introduced in v1.22 and updated in v1.27, this release adds opt-in memory reservation with tiered protections per QoS class, new observability metrics, and a warning for unsupported kernel versions. Below, we answer common questions about these enhancements.

1. What's the big change in v1.36 Memory QoS?

The key change is the separation of memory throttling from memory reservation. Previously, enabling the MemoryQoS feature gate automatically applied hard reservations (memory.min) to all containers with a memory request. In v1.36, throttling via memory.high still activates when the feature gate is on, but you now control reservation with a separate field: memoryReservationPolicy. This allows you to first enable throttling, observe workload behavior, and then opt into reservation only when your node has sufficient memory headroom. The default policy is None (no reservation), while TieredReservation applies different protection levels based on the Pod's QoS class.

2. How does tiered reservation work for each QoS class?

When memoryReservationPolicy is set to TieredReservation, the kubelet writes cgroup v2 memory protection values differently per QoS class:

  • Guaranteed Pods: Get hard protection via memory.min. The kernel will never reclaim this memory. If it can't honor the guarantee, it invokes the OOM killer on other processes. For example, a Guaranteed Pod requesting 512 MiB of memory sets memory.min to 536870912 bytes.
  • Burstable Pods: Get soft protection via memory.low. The kernel avoids reclaiming this memory under normal pressure, but may reclaim it under extreme pressure to prevent a system-wide OOM.
  • BestEffort Pods: Receive neither memory.min nor memory.low. Their memory remains fully reclaimable.

This tiered approach balances protection against overall node stability, especially when memory is scarce.

3. Why is this better than the v1.27 behavior?

In earlier versions (v1.22–v1.27), enabling Memory QoS immediately locked every container's memory request as memory.min — a hard reservation. Consider a node with 8 GiB RAM where Burstable Pods request a total of 7 GiB. That 7 GiB was all hard-reserved, leaving minimal free memory for system daemons, BestEffort workloads, or the kernel itself. This increased the risk of OOM kills. With v1.36, Burstable requests map to memory.low instead of memory.min. Under normal pressure, the memory is still protected, but in a crisis the kernel can reclaim some of it to avoid a system-wide failure. Only Guaranteed Pods get the hard reservation, keeping the overall headroom safer.
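The following added example (not kubelet code and not from the Kubernetes project) models the per-QoS-class mapping from question 2 and replays the 8 GiB node scenario above. The "pre-1.36" policy label, the function names, the pod list and the pod-level granularity are assumptions made for illustration; only None and TieredReservation are policy values named on this page.

```python
import re

# Kubernetes memory quantity suffixes (binary and decimal), in bytes.
UNITS = {None: 1, "k": 10**3, "M": 10**6, "G": 10**9,
         "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}
QOS_CLASSES = ("Guaranteed", "Burstable", "BestEffort")
# "pre-1.36" is a constructed label for the old always-memory.min behaviour.
POLICIES = ("None", "TieredReservation", "pre-1.36")

def parse_quantity(q):
    """Convert an integer quantity such as '512Mi' to bytes."""
    m = re.fullmatch(r"(\d+)(Ki|Mi|Gi|Ti|k|M|G)?", q)
    if m is None:
        raise ValueError(f"unsupported quantity: {q!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def protection(qos, request, policy):
    """Return (memory.min, memory.low) in bytes for one pod's memory request."""
    if qos not in QOS_CLASSES or policy not in POLICIES:
        raise ValueError(f"unknown QoS class or policy: {qos!r}, {policy!r}")
    if qos == "BestEffort" or policy == "None":
        return (0, 0)              # no reservation: memory stays reclaimable
    req = parse_quantity(request)
    if policy == "pre-1.36" or qos == "Guaranteed":
        return (req, 0)            # hard reservation via memory.min
    return (0, req)                # TieredReservation + Burstable: memory.low

def node_summary(capacity, pods, policy):
    """Sum protections over (qos, request) pairs; report memory left unreserved."""
    total_min = total_low = 0
    for qos, request in pods:
        pod_min, pod_low = protection(qos, request, policy)
        total_min += pod_min
        total_low += pod_low
    return {"min": total_min, "low": total_low,
            "not_hard_reserved": parse_quantity(capacity) - total_min}

# Constructed sample: an 8 GiB node with 7 GiB of Burstable requests,
# one 512 MiB Guaranteed pod and one BestEffort pod (no memory request).
PODS = [("Burstable", "4Gi"), ("Burstable", "3Gi"),
        ("Guaranteed", "512Mi"), ("BestEffort", None)]

if __name__ == "__main__":
    for policy in POLICIES:
        print(f"{policy:>17}: {node_summary('8Gi', PODS, policy)}")
```

With the old behaviour only 512 MiB of the node is left outside hard reservations; with TieredReservation the 7 GiB of Burstable requests moves to memory.low and 7.5 GiB remains reclaimable in a crisis.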

4. Can I enable throttling first and add reservation later?

Absolutely. That's the whole idea behind splitting the two concerns. By default, with the MemoryQoS feature gate enabled and memoryReservationPolicy: None, the kubelet will set memory.high based on your memoryThrottlingFactor (default 0.9) to throttle container memory usage. This helps reduce pressure and gives you time to observe how workloads behave. Once you're confident and have enough memory headroom, you can switch to TieredReservation to add the protection layer. This incremental adoption reduces risk and makes tuning easier.

5. What observability metrics are now available?

Two new alpha metrics are exposed on the kubelet's /metrics endpoint to help you monitor Memory QoS:

  • kubelet_memory_qos_node_memory_min_bytes: Total amount of memory reserved as memory.min on the node.
  • kubelet_memory_qos_node_memory_low_bytes: Total amount of memory set as memory.low on the node.

These metrics let you see the actual protection levels applied, making it easier to tune your cluster and validate that resource guarantees are working as expected.

6. Is there a warning for unsupported kernel versions?

Yes. v1.36 adds a clear warning when the node's kernel does not support memory.high in cgroup v2. The feature requires Linux kernel 5.4 or newer (and a cgroup v2 unified hierarchy). If you attempt to enable Memory QoS on an older or improperly configured kernel, the kubelet will emit a warning in the logs. This helps administrators identify configuration issues early instead of the feature failing silently. Always ensure your nodes meet the kernel requirement before enabling the feature gate.