Kubernetes v1.36 introduces a refined approach to memory management with the Memory QoS feature, now in its third alpha iteration. This update separates memory throttling from reservation, offering tiered protection based on Pod QoS classes and new observability metrics. Whether you are a cluster administrator or developer, these changes help optimize memory usage and reduce the risk of system-wide OOM kills. In this article, we break down the ten most important things you need to know about the new Memory QoS capabilities in Kubernetes v1.36.

1. Memory QoS Overview

Memory QoS is an alpha feature that uses the cgroup v2 memory controller to give the Linux kernel better guidance on how to treat container memory. First introduced in Kubernetes v1.22 and updated in v1.27, it enables more precise control over memory allocation and reclamation. In v1.36, the feature is enhanced with opt-in memory reservation, tiered protection by QoS class, and new kubelet metrics. This allows administrators to balance workload performance with system stability, especially under memory pressure.

2. Separation of Throttling and Reservation

Prior to v1.36, enabling the MemoryQoS feature gate automatically set memory.min for containers with memory requests, creating a hard reservation. This could lock up memory even for Burstable Pods, reducing headroom. In v1.36, throttling (via memory.high) and reservation (via memory.min/memory.low) are decoupled. You can enable throttling without reservation, then opt into reservation when your node has enough capacity. This is controlled by the new memoryReservationPolicy kubelet configuration field.

3. New Opt-in Memory Reservation Policy

The memoryReservationPolicy field accepts two values: None (default) and TieredReservation. With None, the kubelet sets memory.high based on the memoryThrottlingFactor (default 0.9) but does not write memory.min or memory.low. With TieredReservation, the kubelet writes tiered memory protection based on the Pod's QoS class. This granular control lets you observe workload behavior before committing to reservation.

4. Hard Protection for Guaranteed Pods

When TieredReservation is enabled, Guaranteed Pods receive hard protection via memory.min. The kernel will never reclaim this memory, even under extreme pressure. If the guarantee cannot be honored, the kernel triggers the OOM killer on other processes. For example, a Guaranteed Pod requesting 512 MiB of memory gets memory.min set to 536870912 bytes. This ensures critical workloads have stable memory but reduces available headroom.

5. Soft Protection for Burstable Pods

Burstable Pods now get soft protection via memory.low instead of the previous hard memory.min. The kernel avoids reclaiming this memory under normal memory pressure but may reclaim it if necessary to avoid a system-wide OOM. This is a key change from v1.27, where Burstable Pods would lock memory.min. For a Burstable Pod with a 512 MiB request, memory.low is set to the same value. This provides a good balance between performance and system resilience.

6. No Protection for BestEffort Pods

BestEffort Pods, which have no memory requests or limits, receive neither memory.min nor memory.low. Their memory remains fully reclaimable by the kernel. This aligns with the BestEffort QoS class design: these pods are the first to be evicted under memory pressure. The tiered approach ensures that critical and burstable workloads get prioritized while best-effort tasks are treated as expendable.

7. Comparison with v1.27 Behavior

In Kubernetes v1.27, enabling MemoryQoS set memory.min for every container with a memory request, regardless of QoS class. This created a hard reservation that could lock up to 7 GiB on an 8 GiB node if Burstable Pods requested that much, leaving very little memory for the kernel, system daemons, or BestEffort workloads. The result was an increased risk of OOM kills. With v1.36 tiered reservation, Burstable Pods use memory.low, so under extreme pressure the kernel can reclaim that memory. Only Guaranteed Pods use memory.min, keeping hard reservations lower and reducing OOM risks.

8. Observability Metrics

Two new alpha-level metrics are exposed on the kubelet /metrics endpoint to help you monitor Memory QoS behavior. The kubelet_memory_qos_node_memory_min_bytes metric reports the total memory.min across all Pods on the node. The kubelet_memory_qos_node_memory_low_bytes metric reports the total memory.low. These metrics allow cluster administrators to see how much memory is protected and make informed decisions about enabling reservation.

9. Throttling Configuration and Kernel Warnings

Throttling via memory.high is always active when the MemoryQoS feature gate is enabled. The kubelet sets memory.high to memoryThrottlingFactor * memoryRequest (default 0.9). This triggers reclaim attempts when memory usage approaches the limit. Additionally, v1.36 adds a kernel-version warning if memory.high is set on kernels that do not support it properly. Always ensure your nodes run a kernel version that supports the cgroup v2 memory controller before using this feature.

10. Future Directions and Recommendations

The Memory QoS feature remains alpha in v1.36, and the Kubernetes community is actively gathering feedback. The separation of throttling and reservation allows a cautious rollout: enable throttling first, monitor with the new metrics, and then opt into tiered reservation when you are confident your node has enough headroom. Future releases may stabilize these APIs and add more granular controls. For now, we recommend testing in non-production clusters and keeping up with SIG Node discussions.

In conclusion, Kubernetes v1.36 brings significant improvements to memory management by decoupling throttling from reservation and providing tiered protection based on QoS class. This enables better utilization of node memory while reducing the risk of OOM kills. The new metrics and opt-in policy give administrators the visibility and control needed to fine-tune memory allocation. As the feature evolves, these enhancements will help Kubernetes handle diverse workloads more efficiently.