10 Key Insights into Kubernetes v1.36’s In-Place Pod-Level Resources Scaling Beta

Kubernetes v1.36 brings a significant milestone for cluster operators and application developers: the In-Place Pod-Level Resources Vertical Scaling feature graduates to Beta. This capability, enabled by default via the InPlacePodLevelResourcesVerticalScaling feature gate, allows you to adjust the aggregate resource budget for a running Pod—often without restarting any containers. In this listicle, we break down the top ten things you need to know to leverage this powerful feature effectively.

1. What Is Pod-Level Resources Vertical Scaling?

Pod-Level Resources Vertical Scaling lets you modify the total resource limits (CPU, memory) defined at the Pod spec level while the Pod is running. Previously, you could only set per-container limits; now you can define a shared pool. For example, specifying spec.resources.limits.cpu: 2 gives all containers in the Pod a collective 2 CPUs. In v1.36, you can resize that collective boundary on the fly using the resize subresource. This means scaling up or down the aggregate budget without editing individual container specs, simplifying management for multi-container Pods.

2. Why This Matters for Complex Pods

Modern workloads often include sidecar containers (e.g., logging, service meshes) alongside primary applications. Managing separate resource limits for each container can be tedious and error-prone, especially when the workload surges. With Pod-level vertical scaling, you treat the entire Pod as a single resource unit. When peak demand hits, you can expand the shared pool—say from 2 to 4 CPU—and all containers that inherit from the Pod budget automatically get more room. This eliminates manual per-container recalculations and reduces operational friction.

3. How In-Place Resizing Works

To perform an in-place resize, you issue a patch to the Pod’s resize subresource. For example: kubectl patch pod my-pod --subresource resize --patch '{"spec":{"resources":{"limits":{"cpu":"4"}}}}'. The Kubelet then treats the change as a resize event. It checks each container’s resizePolicy to decide whether the update can be applied without a restart. If the policy allows dynamic cgroup updates via the Container Runtime Interface (CRI), the new limits take effect immediately. If the policy requires a restart, the container is cycled. Note that the resize itself is a request; the Kubelet validates feasibility before applying.

4. The Role of the resizePolicy

Each container in a Pod can define a resizePolicy that tells the Kubelet how to handle its resource changes. Currently, two restart policies are supported: NotRequired and RestartContainer. When you update the Pod-level budget, the Kubelet applies the change to every container that inherits its limits from that budget. For containers with NotRequired, it tries to update cgroups in-place; for RestartContainer, it restarts the container to apply the new boundary safely. This policy is defined per resource (CPU, memory) and is not yet available at the Pod level, so you must set it on individual containers.

5. Non-Disruptive vs. Disruptive Updates

Non-disruptive updates occur when a container’s resizePolicy is set to NotRequired. The Kubelet adjusts the cgroup limits dynamically, allowing the container to run uninterrupted. This is ideal for workloads where any restart would degrade service. Disruptive updates happen with RestartContainer—the container is stopped and started with the new resource allocation. This is necessary for applications that need to reallocate internal buffers or rely on fixed resource boundaries at startup. Choosing the right policy depends on your container’s ability to adapt to runtime resource changes.

6. Example: Scaling a Shared Resource Pool

Imagine a Pod named shared-pool-app with a Pod-level CPU limit of 2 CPUs. It contains two containers: main-app and sidecar, each with resizePolicy: [{resourceName: "cpu", restartPolicy: "NotRequired"}]. Because neither container defines its own limits, they share the 2-CPU pool. To double capacity to 4 CPUs, apply the patch shown earlier. The Kubelet recognizes that both containers use NotRequired and updates their cgroup allocations in-place. The running processes immediately see more CPU time without any downtime.

7. Node-Level Feasibility Checks

Issuing a resize patch is only the beginning. The Kubelet performs a series of checks to ensure safety and feasibility. It verifies that the requested aggregate limits do not exceed the node’s allocatable resources. It also checks that no individual container requests (if defined) conflict with the new Pod-level budget. If the Pod is using Guaranteed QoS class, the resize must maintain that class. The Kubelet also ensures that the delta in resources can be satisfied by the node’s current capacity. If any check fails, the resize is rejected, and the Pod remains unchanged.

8. Safety Sequence for Applying In-Place Updates

The Kubelet follows a strict sequence when applying a verified resize: first, it updates the Pod’s cgroup parent to reflect the new aggregate limits. Next, for each container with NotRequired, it adjusts the container cgroup boundary. For RestartContainer, it terminates the container, re-creates it with the new limits, and starts it. Finally, it updates the Pod’s status to reflect the successful resize. This order prevents resource overcommit and ensures that no container ever exceeds its allowed share. The sequence is atomic—if any step fails, the entire operation rolls back.

9. Limitations and Future Directions

While powerful, this feature has constraints: resizePolicy cannot be set at the Pod level yet, requiring per-container configurations. Also, the initial Pod resource definition must include both requests and limits if you intend to later resize them. In future releases, expect Pod-level resizePolicy support and perhaps downward API exposure of the effective limits. The community is also exploring integration with autoscalers to automate Pod-level vertical scaling based on metrics.

10. How to Enable and Test This Feature

As of v1.36, the feature is enabled by default. To test it, create a Pod with Pod-level resource limits and per-container resizePolicy. Use the kubectl patch --subresource resize command to adjust limits. Monitor kubectl describe pod to see the new resource allocations. You can also check container cgroups directly for Linux nodes. For the best experience, start with simple Pods that have NotRequired policies to see non-disruptive updates in action.

Kubernetes v1.36’s in-place Pod-level vertical scaling Beta brings unprecedented flexibility to resource management. By treating the whole Pod as a single unit, you reduce complexity, improve uptime, and respond faster to demand. We encourage you to explore this feature in a test cluster and see how it streamlines your operations.