Kubernetes Node Image Management: Cross-CSP Analysis #2325

@hanizang77

Scope: AWS, GCP, Azure, Alibaba, Tencent, IBM, NCP, NHN image data


Background

We discovered that images retrieved via AWS SDK cannot be directly used for K8s cluster node group creation (Issue #2200). This finding prompted a comprehensive investigation into whether other CSPs have similar constraints and how each CSP manages Kubernetes node images, with the goal of determining the appropriate K8s image API design for CB-Tumblebug.


Key Findings

🎯 Major Discoveries

  1. AWS & GCP use type parameters instead of image IDs

    • AWS: 260K images classified as isKubernetesImage=true in DB, but EKS API cannot use them directly
    • GCP: 3,358 images classified as K8s images, but 99.4% are Deprecated; image-type parameter recommended
    • Conclusion: For AWS/GCP, existing image API should return type list instead of stored image IDs
  2. Alibaba/Tencent/NHN directly specify VM images for automatic K8s node conversion

    • No dedicated K8s images; accepts general VM images as input
    • CSP automatically installs kubelet and containerd
    • Conclusion: Existing image list API can be used as-is
  3. Azure/IBM/NCP do not allow image specification (fully automated)

    • Users cannot select images
    • CSP automatically selects images matching Kubernetes version

💡 CB-Tumblebug Implementation Direction

GET /images?isKubernetesImage=true behavior change:

AWS/GCP:
├─ Do NOT return stored image IDs (260K for AWS, 3,358 for GCP)
└─ Return abstracted type lists instead:
    ├─ AWS: 11 ami-types (AL2023_x86_64_STANDARD, AL2_x86_64_GPU, etc.)
    └─ GCP: 6 image-types (COS_CONTAINERD, UBUNTU_CONTAINERD, etc.)

Alibaba/Tencent/NHN:
└─ ✅ Keep current approach (can use general VM images with isKubernetesImage=false)

Core Difference: Image Specification Methods

Summary: Kubernetes node image specification methods differ completely across CSPs. AWS/GCP use abstracted type parameters, Alibaba/Tencent/NHN use specific image IDs, and Azure/IBM/NCP do not allow specification at all.

Detailed Comparison

| Item | AWS/GCP | Alibaba/Tencent/NHN |
|---|---|---|
| Parameter Type | Abstracted type name | Specific image ID |
| Image Selection | CSP auto-selects | User specifies directly |
| Image Characteristics | K8s pre-configured | General VM → K8s auto-conversion |
| Auto Updates | Possible when type unchanged | Requires image ID change |
| Flexibility | Low (type-constrained) | High (any VM image) |
| Complexity | Low (except AWS LT) | Low |

Image Specification Examples

🅰️ AWS & GCP: Abstracted Image Type Parameters

# AWS EKS
--ami-type AL2023_x86_64_STANDARD  # Type name → AWS auto-selects latest AMI

# GCP GKE  
--image-type COS_CONTAINERD  # Type name → Google auto-selects latest image

🅱️ Alibaba, Tencent, NHN: Direct VM Image ID Specification

# Tencent TKE
--NodePoolOsCustomizeImage img-487zeit5  # General VM image ID

# NHN NKS
--image-id d18ef61d-xxx  # General VM image UUID

# Alibaba ACK
--image-id aliyun_4_x64_20G_container_optimized_xxx  # Image ID

CSP-Specific Characteristics Summary

Summary: AWS has 260K images but EKS API only supports 11 types, and 99.4% of GCP images are Deprecated. Alibaba/Tencent/NHN automatically convert general VM images to K8s nodes.

AWS EKS

  • Image Count: 519,916
  • K8s Strategy: Various official images (Auto Node, EKS-optimized, Worker, Ubuntu EKS, etc.)
  • ⚠️ Critical: All 266,107 K8s images are EC2 AMIs and cannot be directly specified in EKS API
    • EKS API has no parameter to directly input AMI ID
    • All custom AMIs can only be used through Launch Template (complex)
    • Images immediately usable: 0
  • Recommended Approach: Use ami-type parameter (AWS auto-selects AMI)
    • AL2023_x86_64_STANDARD: Amazon Linux 2023 (latest, recommended)
    • AL2023_ARM_64_STANDARD: Amazon Linux 2023 ARM
    • AL2_x86_64: Amazon Linux 2 (x86_64)
    • AL2_x86_64_GPU: Amazon Linux 2 GPU
    • AL2_ARM_64: Amazon Linux 2 (ARM64)
    • BOTTLEROCKET_x86_64, BOTTLEROCKET_ARM_64: Bottlerocket OS
    • UBUNTU_20_04, UBUNTU_22_04: Ubuntu LTS
    • WINDOWS_CORE_2019, WINDOWS_FULL_2019: Windows Server 2019
    • WINDOWS_CORE_2022, WINDOWS_FULL_2022: Windows Server 2022
    • CUSTOM: Custom AMI (requires Launch Template)
  • Characteristics: Region-specific independent management, maximum flexibility, full customization via Launch Template

GCP GKE

  • Image Count: 10,702
  • K8s Strategy: Single standard - Container-Optimized OS (COS)
  • ⚠️ Critical: 3,338 of 3,358 (99.4%) K8s images are Deprecated
    • GKE API allows direct image URL specification (simpler than AWS)
    • Technically usable but Deprecated means security patches stopped (not recommended for production)
    • Even the 20 Available images are not recommended for direct specification (no auto-updates)
    • Recommended: Use image-type parameter (Google auto-selects and manages latest images)
  • Recommended Approach: Use image-type parameter (Google auto-selects latest images)
    • COS_CONTAINERD (recommended): Container-Optimized OS with containerd
    • COS: Container-Optimized OS with Docker
    • UBUNTU_CONTAINERD: Ubuntu with containerd
    • UBUNTU: Ubuntu with Docker
    • WINDOWS_LTSC: Windows Server LTSC
    • WINDOWS_SAC: Windows Server SAC
  • Characteristics: COS-centric, global unified management, aggressive version management, auto-updates

Alibaba ACK

  • Image Count: 354
  • K8s Strategy: Provides 6 Container Optimized images
  • ✅ Direct Use: Can directly specify image ID in ACK API
    • 6 K8s-optimized images (recommended)
    • 348 general VM images also usable
    • All 354 images immediately available
  • Available Images:
    • Container Optimized (recommended): aliyun_*_container_optimized
    • General images: CentOS, Ubuntu, Alibaba Cloud Linux, etc.
  • Characteristics: High ARM support (19.2%), flexibility + optimization, no Launch Template required

Tencent TKE

  • Image Count: 100 (fewest)
  • K8s Strategy: Auto-converts general VM images
  • ✅ Direct Use: 0 K8s-dedicated images, but can directly specify general VM images in TKE API
    • Select by image ID or OS type
    • TKE auto-converts to K8s nodes (installs kubelet, containerd)
    • All 100 images immediately available
  • Available Images:
    • CentOS 7.x (most common, 22 images)
    • Ubuntu 22.04, 20.04, 18.04
    • Tencent Linux 2, 3 (proprietary distribution)
    • Debian 12, 10
    • Windows Server 2019, 2022, 2016
  • Characteristics: CentOS-centric (42%), auto-conversion + flexibility, no Launch Template required

NHN NKS

  • Image Count: 127
  • K8s Strategy: Auto-converts general VM images (similar to Tencent)
  • ✅ Direct Use: 0 K8s-dedicated images, but can directly specify general VM images in NKS API
    • Select by image UUID
    • NKS auto-converts to K8s nodes
    • All 127 images immediately available
  • Available Images:
    • Ubuntu 22.04 (31 images, most common)
    • Windows 2016, 2019, 2022 (54 images total, 42.5%)
    • Rocky Linux 8, 9 (CentOS replacement)
    • Ubuntu 24.04 (latest LTS)
    • Debian 11, 9
  • Characteristics: Very high Windows proportion (42.5%), Korea-focused (kr1, kr2 regions), no Launch Template required

CB-Tumblebug Implementation Recommendations

Priority 1: Use Recommended Approaches

// AWS: Use ami-type (auto-selection, AL2023 recommended)
nodeGroup.AmiType = "AL2023_x86_64_STANDARD"

// GCP: Use image-type (auto-selection)
nodePool.Config.ImageType = "COS_CONTAINERD"

// Alibaba: Select Container Optimized
nodePool.NodeConfig.ImageId = "aliyun_4_x64_20G_container_optimized"

Priority 2: Custom Images on User Request

// AWS: Requires Launch Template creation (complex)
// GCP: Direct specification possible (need to distinguish Deprecated vs Available, security patch verification recommended)
// Alibaba/Tencent/NHN: Direct general image specification (auto K8s conversion)
// Azure/IBM/NCP: Not supported

References

Database

  • CB-Tumblebug PostgreSQL Database: image_infos table (February 2026 data)
    • Image status (Available/Deprecated) based on metadata provided by each CSP API
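
The behaviour change proposed under "CB-Tumblebug Implementation Direction" above, as an added Go sketch that is not part of the original issue and not CB-Tumblebug code: the listing returns type names for AWS/GCP and image IDs for Alibaba/Tencent/NHN, and a validator rejects a raw AMI ID or any image value sent to a CSP that selects images itself. The `Image` struct, the function names, the shortened type lists, the constructed image IDs and the choice to hide Deprecated images are all assumptions made for illustration.

```go
package main

import "fmt"

type Image struct{ ID, Status string } // hypothetical, trimmed image_infos row

var nodeTypes = map[string][]string{ // subset of the type names listed in this issue
	"aws": {"AL2023_x86_64_STANDARD", "AL2023_ARM_64_STANDARD", "BOTTLEROCKET_x86_64"},
	"gcp": {"COS_CONTAINERD", "UBUNTU_CONTAINERD"},
}
var byImageID = map[string]bool{"alibaba": true, "tencent": true, "nhn": true}
var noSelection = map[string]bool{"azure": true, "ibm": true, "ncp": true}

// K8sImageChoices sketches GET /images?isKubernetesImage=true per CSP group.
func K8sImageChoices(csp string, stored []Image) ([]string, error) {
	switch {
	case nodeTypes[csp] != nil:
		return nodeTypes[csp], nil // type names, never stored image IDs
	case !byImageID[csp]:
		return nil, fmt.Errorf("%s: image cannot be specified (CSP-selected or unknown)", csp)
	}
	ids := []string{}
	for _, im := range stored {
		if im.Status != "Deprecated" { // assumption: hide images without patches
			ids = append(ids, im.ID)
		}
	}
	return ids, nil
}

// ValidateNodeImage rejects values the CSP group cannot accept.
func ValidateNodeImage(csp, value string, stored []Image) error {
	if noSelection[csp] && value == "" {
		return nil // nothing specified, the CSP selects the image
	}
	choices, err := K8sImageChoices(csp, stored)
	for _, c := range choices {
		if c == value {
			return nil
		}
	}
	if err == nil {
		err = fmt.Errorf("%s: %q is not an accepted node image value", csp, value)
	}
	return err
}

func main() {
	fmt.Println(ValidateNodeImage("aws", "ami-0constructed", nil)) // raw AMI ID is rejected
}
```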
