Kubernetes v1.36 Unleashes Tiered Memory Protection: New Alpha Feature Prevents OOM Kill Risks
By ⚡ min read
<h2>Kubernetes v1.36 Introduces Tiered Memory Protection with Memory QoS Alpha</h2>
<p>On behalf of SIG Node, the Kubernetes community has announced a significant update to the Memory QoS feature, now in alpha for v1.36. This new version replaces the previous all-or-nothing memory reservation model with a tiered protection system that prevents unnecessary Out-of-Memory (OOM) kills.</p><figure style="margin:20px 0"><img src="https://picsum.photos/seed/67809892/800/450" alt="Kubernetes v1.36 Unleashes Tiered Memory Protection: New Alpha Feature Prevents OOM Kill Risks" style="width:100%;height:auto;border-radius:8px" loading="lazy"><figcaption style="font-size:12px;color:#666;margin-top:5px"></figcaption></figure>
<p>“With v1.36, we're giving cluster operators fine-grained control over how memory is protected,” said a SIG Node representative. “By separating throttling from reservation, administrators can now safely enable memory guarantees without starving system processes.”</p>
<h3>What's New in v1.36: Opt-In Memory Reservation</h3>
<p>In previous versions (v1.22–v1.27), enabling the MemoryQoS feature gate immediately set <code>memory.min</code> for every container with a memory request—a hard reservation the kernel would never reclaim. This often led to OOM kills when Burstable or BestEffort workloads consumed all available memory.</p>
<p>V1.36 introduces the <code>memoryReservationPolicy</code> kubelet configuration option, which separates throttling from reservation. The feature gate still activates <code>memory.high</code> throttling (based on <code>memoryThrottlingFactor</code>, default 0.9), but reservation is now optional:</p>
<ul>
<li><strong>None (default):</strong> No <code>memory.min</code> or <code>memory.low</code> is written. Throttling via <code>memory.high</code> still works.</li>
<li><strong>TieredReservation:</strong> The kubelet writes tiered memory protection based on the Pod's QoS class.</li>
</ul>
<h3>Tiered Protection by QoS Class</h3>
<p>With <code>TieredReservation</code>, the kernel applies different levels of memory protection:</p>
<ul>
<li><strong>Guaranteed Pods</strong> receive <code>memory.min</code>—hard protection. For example, a Guaranteed Pod requesting 512 MiB results in <code>memory.min = 536870912</code>. The kernel will not reclaim this memory; if it cannot honor the guarantee, it triggers the OOM killer on other processes.</li>
<li><strong>Burstable Pods</strong> get <code>memory.low</code>—soft protection. Under normal pressure, the kernel avoids reclaiming this memory, but under extreme pressure, it may reclaim part of it to avoid a system-wide OOM.</li>
<li><strong>BestEffort Pods</strong> receive neither <code>memory.min</code> nor <code>memory.low</code>. Their memory remains fully reclaimable.</li>
</ul>
<h3>Comparison with v1.27 Behavior</h3>
<p>In v1.27, enabling MemoryQoS immediately set <code>memory.min</code> for every container with a memory request—a hard reservation that the kernel would never reclaim. Consider an 8 GiB node where Burstable Pod requests total 7 GiB: that 7 GiB was locked, leaving little headroom for the kernel, system daemons, or BestEffort workloads, increasing OOM kill risk.</p>
<p>With tiered reservation in v1.36, those Burstable requests map to <code>memory.low</code> instead. Under extreme pressure, the kernel can reclaim part of that memory, preserving stability. “Only Guaranteed Pods use <code>memory.min</code>, which keeps hard reservation lower and provides more headroom,” the representative explained.</p>
<h3>Observability Metrics</h3>
<p>Two alpha-stability metrics are exposed on the kubelet <code>/metrics</code> endpoint:</p>
<ul>
<li><strong><code>kubelet_memory_qos_node_memory_min_bytes</code></strong> – Total memory reserved via <code>memory.min</code> across all Pods.</li>
<li><strong><code>kubelet_memory_qos_node_memory_low_bytes</code></strong> – Total memory reserved via <code>memory.low</code> across all Pods.</li>
</ul>
<p>These metrics allow cluster operators to monitor how much memory is protected versus reclaimable, enabling capacity planning and tuning.</p>
<h2>Background</h2>
<p>Memory QoS was first introduced in Kubernetes v1.22 as an alpha feature. It uses the cgroup v2 memory controller to give the kernel better guidance on how to treat container memory. The feature was updated in v1.27 but still lacked granularity. Version 1.36 refines the approach by adding tiered protection and opt-in reservation.</p>
<p>The update also includes a kernel-version warning for <code>memory.high</code> usage, ensuring administrators are aware of kernel compatibility requirements.</p>
<h2>What This Means</h2>
<p>This tiered memory protection reduces the risk of system-wide OOM kills by allowing the kernel to reclaim memory from Burstable Pods under extreme pressure, rather than killing processes. Cluster operators can now safely enable memory throttling first, observe workload behavior, and opt into hard reservations only when sufficient headroom exists.</p>
<p>For production clusters, this means higher resource utilization without sacrificing stability. The <code>memoryReservationPolicy</code> configuration gives operators control to fine-tune memory management, particularly for nodes with mixed workloads.</p>
<p>As the feature is still alpha, administrators should test on non-production clusters first. Visit the <a href="#tiered-reservation">tiered reservation documentation</a> and <a href="#observability-metrics">observability metrics guide</a> for more details.</p>