Supported Images (Including Custom Images) and Shapes for Worker Nodes
When creating a cluster using Container Engine for Kubernetes, you can customize the worker nodes in the cluster by specifying:
- The operating system image to use for worker nodes (managed nodes only). The image is a template of a virtual hard drive that determines the operating system and other software for the worker node.
- The shape to use for worker nodes (both managed nodes and virtual nodes). The shape is the number of CPUs and the amount of memory to allocate to each newly created instance to be used as a worker node.
This topic includes information about the images and shapes provided by Oracle Cloud Infrastructure that are supported by Container Engine for Kubernetes for use in node pools. Note that some of the shapes might not be available in your particular tenancy.
To see a list of the supported images and the shapes available in your tenancy, enter:
oci ce node-pool-options get --node-pool-option-id all
Supported Images for Managed Nodes
Container Engine for Kubernetes supports the provisioning of worker nodes (managed nodes only) using some, but not all, of the latest Oracle Linux images provided by Oracle Cloud Infrastructure.
You can use these Oracle Linux images when provisioning managed nodes as:
To see the images supported by Container Engine for Kubernetes:
- When using the Console to create a cluster in the 'Custom Create' workflow, view the list of supported platform images and OKE images in the Browse all images window.
- When using the CLI, view the supported platform, OKE, and custom images (in the data: sources: section of the response) by entering:
  oci ce node-pool-options get --node-pool-option-id all
- Oracle Linux 8 supports Federal Information Processing Standards (FIPS), a set of standards and guidelines for federal computer systems. When using Oracle Linux 8 images, you can enable FIPS mode. For more information, see Configuring a System in FIPS Mode in the Oracle Linux 8 documentation.
- You can select Oracle Linux 8 images to provision managed nodes in node pools running Kubernetes 1.20.x and later.
- Docker is not included in Oracle Linux 8 images. Instead, in node pools running Kubernetes 1.20.x and later, Container Engine for Kubernetes installs and uses the CRI-O container runtime and the crictl CLI (for more information, see Notes about Container Engine for Kubernetes Support for Kubernetes Version 1.20).
OKE Images
OKE images are provided by Oracle and built on top of platform images. OKE images are optimized for use as managed node base images, with all the necessary configurations and required software. You can select OKE images as the base images for managed nodes when creating and updating clusters and node pools. Using an OKE image minimizes the time it takes to provision managed nodes at runtime when compared to platform images and custom images. The use of OKE images reduces managed node provisioning time by more than half when compared to platform images.
To see the OKE images currently supported by Container Engine for Kubernetes:
- When using the Console to create a cluster in the 'Custom Create' workflow, choose OKE images as the Image source in the Browse all images window, and view the list of supported OKE images.
- When using the CLI, view the supported images (in the data: sources: section of the response) by entering:
  oci ce node-pool-options get --node-pool-option-id all
OKE image names have the following format (and have OKE in the image name as shown):
<platform-image-name>-OKE-<kubernetes-version>-<OKE-build-number>
For example, Oracle-Linux-8.7-Gen2-GPU-2023.01.31-3-OKE-1.25.4-549
Note that OKE image names include the version number of the Kubernetes version they contain. If you specify a Kubernetes version when creating and updating node pools, the OKE image you select must have the same version number as the node pool.
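The naming format and the version-match rule above can be checked before a node pool is created or updated. The following is an added example, not part of the original documentation or of any Oracle tooling: the function names are hypothetical, the image names are the ones quoted on this page, and the node pool version v1.25.4 is a constructed value.

```shell
#!/bin/sh
# Added example: parse OKE image names and compare the embedded Kubernetes
# version with a node pool's version. Function names are hypothetical.

# oke_image_version NAME
# Prints <kubernetes-version> from
# <platform-image-name>-OKE-<kubernetes-version>-<OKE-build-number>.
# Returns 1 if NAME does not follow that format (platform or custom image).
oke_image_version() {
  case $1 in
    ?*-OKE-*) ;;
    *) return 1 ;;
  esac
  oke_rest=${1##*-OKE-}        # "<kubernetes-version>-<OKE-build-number>"
  oke_version=${oke_rest%-*}
  oke_build=${oke_rest##*-}
  case $oke_version in
    *[!0-9.]*) return 1 ;;     # anything other than digits and dots
    [0-9]*.[0-9]*.[0-9]*) ;;   # x.y.z
    *) return 1 ;;
  esac
  case $oke_build in
    ''|*[!0-9]*) return 1 ;;   # build number must be all digits
  esac
  printf '%s\n' "$oke_version"
}

# check_image_for_pool NAME POOL_VERSION
# POOL_VERSION as given to --kubernetes-version (a leading "v" is accepted).
# Returns 0 on match, 1 on mismatch, 2 when NAME is not an OKE image name.
check_image_for_pool() {
  pool_version=${2#v}
  if ! img_version=$(oke_image_version "$1"); then
    echo "skip: $1 has no embedded Kubernetes version (not an OKE image name)"
    return 2
  fi
  if [ "$img_version" = "$pool_version" ]; then
    echo "ok: $1 matches node pool version $pool_version"
    return 0
  fi
  echo "mismatch: $1 contains Kubernetes $img_version, node pool runs $pool_version"
  return 1
}

# Demo: image names quoted on this page; the node pool version is constructed.
for image in \
  Oracle-Linux-8.7-Gen2-GPU-2023.01.31-3-OKE-1.25.4-549 \
  Oracle-Linux-8.5-Gen2-GPU-2022.04.05-0 \
  Oracle-Linux-7.9-2022.04.04-0
do
  check_image_for_pool "$image" v1.25.4 || true
done
```

A return code of 2 means only that the name carries no Kubernetes version; it says nothing about whether a platform or custom image is supported.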
Platform Images
Platform images are provided by Oracle and only contain an Oracle Linux operating system. When the compute instance hosting a managed node boots up for the first time, Container Engine for Kubernetes downloads, installs, and configures required software.
To see the platform images currently supported by Container Engine for Kubernetes:
- When using the Console to create a cluster in the 'Custom Create' workflow, choose Platform images as the Image source in the Browse all images window, and view the list of supported platform images.
- When using the CLI, view the supported images (in the data: sources: section of the response) by entering:
  oci ce node-pool-options get --node-pool-option-id all
Platform image names might or might not include a CPU architecture reference, and do not include OKE. For example:
Oracle-Linux-8.5-Gen2-GPU-2022.04.05-0
Oracle-Linux-7.9-2022.04.04-0
Custom Images
Custom images are provided by you, and can be based on both supported platform images and OKE images. Custom images contain Oracle Linux operating systems, along with other customizations, configuration, and software that were present when you created the image.
When specifying the image that Container Engine for Kubernetes uses to provision managed nodes in a node pool, you can specify your own custom image rather than one of the explicitly supported Oracle Linux images returned by the oci ce node-pool-options get --node-pool-option-id all command. Managed nodes provisioned from a custom image include the customizations, configuration, and software in the image. Note that Container Engine for Kubernetes only supports custom images that are based on one of the Oracle Linux images returned by the oci ce node-pool-options get command.
To provision managed nodes from a custom image, you must use the CLI or API and specify the custom image's OCID when creating the node pool. For example, by running the oci ce node-pool create command and using the --node-image-id parameter to specify a custom image's OCID, as follows:
oci ce node-pool create \
--cluster-id ocid1.cluster.oc1.iad.aaaaaaaaaf______jrd \
--name my-custom-linux-image \
--node-image-id ocid1.image.oc1.iad.aaaaaaaa6______nha \
--compartment-id ocid1.compartment.oc1..aaaaaaaay______t6q \
--kubernetes-version v1.15.7 \
--node-shape VM.Standard2.1 \
--placement-configs "[{\"availability-domain\":\"IqDk:US-ASHBURN-AD-2\", \"capacityReservationId\":\"ocid1.capacityreservation.oc1.iad.anuwcljt2ah______yeq\", \"subnet-id\":\"ocid1.subnet.oc1.iad.aaaaaaaa2xpk______zva\", \"faultDomains\":[\"FAULT-DOMAIN-3\", \"FAULT-DOMAIN-1\"]}, {\"availability-domain\":\"IqDk:US-ASHBURN-AD-1\", \"subnet-id\":\"ocid1.subnet.oc1.iad.aaaaaaaauhls______bpq\", \"faultDomains\": [\"FAULT-DOMAIN-1\", \"FAULT-DOMAIN-2\"]}]" \
--size 1 \
--region=us-ashburn-1
Note the following additional considerations when using custom images:
- Container Engine for Kubernetes installs Kubernetes on top of a custom image, and Kubernetes or the installation software might change certain kernel configurations.
- Custom images must have access to a yum repository (public or internal).
- For the best support, ensure you create a custom image from the most up-to-date base image.
- When using OKE images as the base for custom images, note that OKE images are built for a specific Kubernetes version and CPU architecture. To see details (including the OCIDs) of OKE worker node images to use as the base for custom images, see Image Release Notes.
For more information about custom images and Oracle Cloud Infrastructure, see Managing Custom Images.
Supported Shapes for Managed Nodes and Virtual Nodes
Container Engine for Kubernetes supports the provisioning of worker nodes (both managed nodes and virtual nodes) using many, but not all, of the shapes provided by Oracle Cloud Infrastructure. More specifically:
- Managed Nodes:
  - Supported for managed nodes: Flexible shapes, except flexible shapes to create burstable instances (for example, VM.Standard.E3.Flex); Bare Metal shapes, including standard shapes and GPU shapes; HPC shapes, except in RDMA networks; VM shapes, including standard shapes and GPU shapes; Dense I/O shapes.
    For the list of supported GPU shapes, see GPU shapes supported by Container Engine for Kubernetes.
  - Not Supported: Dedicated VM host shapes; Micro VM shapes; HPC shapes on Bare Metal instances in RDMA networks; flexible shapes to create burstable instances (for example, VM.Standard.E3.Flex).
- Virtual Nodes:
  - Supported for virtual nodes: Standard.E3.Flex and Standard.E4.Flex shapes.
  - Not Supported: All other shapes.
Note that you might be unable to select some shapes in your particular tenancy due to service limits and compartment quotas, even though those shapes are supported by Container Engine for Kubernetes.
To see the shapes that are supported by Container Engine for Kubernetes and available in your tenancy:
- When using the Console to create a cluster in the 'Custom Create' workflow, view the list of supported shapes in the Browse all shapes window.
- When using the CLI, view the supported shapes (in the data: shapes: section of the response) by entering:
  oci ce node-pool-options get --node-pool-option-id all
You might be able to use the Compute service's Console pages (or the Compute service's CLI or API) to subsequently change the shape of a worker node after it has been created. However, bear in mind that Container Engine for Kubernetes only supports those shapes shown in the Browse all shapes window or returned by the oci ce node-pool-options get --node-pool-option-id all command.
For more information about all the shapes provided by Oracle Cloud Infrastructure, see Compute Shapes.