Kubernetes v1.36 Unleashes Tiered Memory Protection: New Alpha Feature Prevents OOM Kill Risks
Kubernetes v1.36 Introduces Tiered Memory Protection with Memory QoS Alpha
On behalf of SIG Node, the Kubernetes community has announced a significant update to the Memory QoS feature, now in alpha for v1.36. This new version replaces the previous all-or-nothing memory reservation model with a tiered protection system that prevents unnecessary Out-of-Memory (OOM) kills.
“With v1.36, we're giving cluster operators fine-grained control over how memory is protected,” said a SIG Node representative. “By separating throttling from reservation, administrators can now safely enable memory guarantees without starving system processes.”
What's New in v1.36: Opt-In Memory Reservation
In previous versions (v1.22–v1.27), enabling the MemoryQoS feature gate immediately set memory.min for every container with a memory request—a hard reservation the kernel would never reclaim. This often led to OOM kills when Burstable or BestEffort workloads consumed all available memory.
V1.36 introduces the memoryReservationPolicy kubelet configuration option, which separates throttling from reservation. The feature gate still activates memory.high throttling (based on memoryThrottlingFactor, default 0.9), but reservation is now optional:
- None (default): No
memory.minormemory.lowis written. Throttling viamemory.highstill works. - TieredReservation: The kubelet writes tiered memory protection based on the Pod's QoS class.
Tiered Protection by QoS Class
With TieredReservation, the kernel applies different levels of memory protection:
- Guaranteed Pods receive
memory.min—hard protection. For example, a Guaranteed Pod requesting 512 MiB results inmemory.min = 536870912. The kernel will not reclaim this memory; if it cannot honor the guarantee, it triggers the OOM killer on other processes. - Burstable Pods get
memory.low—soft protection. Under normal pressure, the kernel avoids reclaiming this memory, but under extreme pressure, it may reclaim part of it to avoid a system-wide OOM. - BestEffort Pods receive neither
memory.minnormemory.low. Their memory remains fully reclaimable.
Comparison with v1.27 Behavior
In v1.27, enabling MemoryQoS immediately set memory.min for every container with a memory request—a hard reservation that the kernel would never reclaim. Consider an 8 GiB node where Burstable Pod requests total 7 GiB: that 7 GiB was locked, leaving little headroom for the kernel, system daemons, or BestEffort workloads, increasing OOM kill risk.
With tiered reservation in v1.36, those Burstable requests map to memory.low instead. Under extreme pressure, the kernel can reclaim part of that memory, preserving stability. “Only Guaranteed Pods use memory.min, which keeps hard reservation lower and provides more headroom,” the representative explained.
Observability Metrics
Two alpha-stability metrics are exposed on the kubelet /metrics endpoint:
kubelet_memory_qos_node_memory_min_bytes– Total memory reserved viamemory.minacross all Pods.kubelet_memory_qos_node_memory_low_bytes– Total memory reserved viamemory.lowacross all Pods.
These metrics allow cluster operators to monitor how much memory is protected versus reclaimable, enabling capacity planning and tuning.
Background
Memory QoS was first introduced in Kubernetes v1.22 as an alpha feature. It uses the cgroup v2 memory controller to give the kernel better guidance on how to treat container memory. The feature was updated in v1.27 but still lacked granularity. Version 1.36 refines the approach by adding tiered protection and opt-in reservation.
The update also includes a kernel-version warning for memory.high usage, ensuring administrators are aware of kernel compatibility requirements.
What This Means
This tiered memory protection reduces the risk of system-wide OOM kills by allowing the kernel to reclaim memory from Burstable Pods under extreme pressure, rather than killing processes. Cluster operators can now safely enable memory throttling first, observe workload behavior, and opt into hard reservations only when sufficient headroom exists.
For production clusters, this means higher resource utilization without sacrificing stability. The memoryReservationPolicy configuration gives operators control to fine-tune memory management, particularly for nodes with mixed workloads.
As the feature is still alpha, administrators should test on non-production clusters first. Visit the tiered reservation documentation and observability metrics guide for more details.