Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article describes the node images available for Azure Kubernetes Service (AKS) nodes.
Caution
In this article, there are references to Ubuntu OS versions that are being deprecated for AKS.
- Starting on 17 June 2025, AKS no longer supports Ubuntu 18.04. Existing node images will be deleted and AKS will no longer provide security updates. You'll no longer be able to scale your node pools. Migrate to a supported Ubuntu version by upgrading your node pools to a supported kubernetes version. For more information on this retirement, see AKS GitHub Issues.
- Starting on 17 March 2027, AKS no longer supports Ubuntu 20.04. Existing node images will be deleted and AKS will no longer provide security updates. You'll no longer be able to scale your node pools. Migrate to a supported Ubuntu version by upgrading your node pools to kubernetes version 1.34+. For more information on this retirement, see AKS GitHub Issues.
Node image releases
Azure Kubernetes Service (AKS) regularly provides new node images, so it's beneficial to upgrade your node images frequently to access the latest AKS features, component updates, and security fixes. You can find detailed summaries of each node image version in the AKS VHD notes.
Linux node images are released weekly, and Windows node images are released monthly. New node images are included in the AKS release notes.
Best practice guidance
Configure automatic node image upgrades and schedule them using planned maintenance. This will ensure that your node images are always up to date without requiring manual upgrades.
When new node images are released, it can take up to two weeks for the updates to be rolled out across all regions. The AKS Release Tracker shows the current latest node image version, three previously available node image versions for each region, and the node image update order by region. Once the node image is available in your region, you can perform a manual node image upgrade or configure automatic node image upgrades and schedule them using planned maintenance.
Default node images
AKS sets a default operating system (OS) and node image during cluster and node pool creation. OS Type can be used to filter between Linux or Windows.
| OS Type | Default OS | Default node image |
|---|---|---|
| Not Specified | Ubuntu Linux | Ubuntu with containerd and gen 2 |
| Linux | Ubuntu Linux | Ubuntu with containerd and gen 2 |
| Windows | Windows Server | Windows Server Long Term Servicing Channel (LTSC) with containerd and gen 1 |
Note
You can't specify the Windows OS Type during cluster creation since the system node pool in every cluster must be Linux.
Factors that influence the default node image
The following factors influence the default image AKS chooses for your node pool:
- OS SKU: If
--os-skuis specified, then your default OS changes. For example, if you specify Azure Linux as the OS SKU, then your node image is Azure Linux with containerd. - Virtual machine (VM) size:
- Hypervisor Generation: Each VM size supports Generation 1, Generation 2, or both.
- If a Generation 2 is supported, AKS defaults to using the Generation 2 node image.
- If only Generation 1 is supported, AKS defaults to using the Generation 1 node image.
- Feature enablement: There are some features embedded into the node image. If you choose to use any of these features, your default node image changes.
- Federal Information Processing Standards (FIPS) changes the default node image for all Linux node pools.
- Pod Sandboxing changes the default node image for Azure Linux node pools.
- Trusted Launch changes the default node image for all Linux node pools.
Note
Certain features can't be combined in a single node pool. Follow links to the feature documentation to review the limitations.
Available Linux node images
Ubuntu node images
The Ubuntu node images are fully validated by AKS and supported by Microsoft, Canonical, and the Ubuntu community. AKS won't retire an Ubuntu version before the end of Canonical's support lifecycle.
| Node image | Use case | Limitations |
|---|---|---|
| Ubuntu with containerd and Gen 1 | This is the standard node image for Ubuntu node pools using a VM size that only supports Generation 1. | N/A |
| Ubuntu with containerd and Gen 2 | This is the standard node image for Ubuntu node pools using a VM size that supports Generation 2. If a VM size supports both Generation 1 and Generation 2, this node image is selected. | N/A |
| Ubuntu with containerd and FIPS | This is a variant of the default node image for customers that enable Federal Information Processing Standards (FIPS). These images support both Generation 1 and Generation 2. | Not yet supported for Ubuntu 22.04+. Can't be combined with Arm64, Trusted Launch, or CVM. |
| Ubuntu with containerd and Arm64 | This is a variant of the default node image for customers that use a VM size that supports Arm64. These images support Generation 2 only. | Can't be combined with FIPS, CVM, or Trusted Launch. |
| Ubuntu with containerd and CVM | This is a variant of the default node image for customers that use a Confidential VM size. These images support Generation 2 only. | Not yet supported for Ubuntu 22.04+. Can't be combined with FIPS, Arm64, or Trusted Launch. |
| Ubuntu with containerd and Trusted Launch | This is a variant of the default node image for customers that enable Trusted Launch. These images support Generation 2 only. | Can't be combined with FIPS, Arm64, or CVM. |
Azure Linux node images
The Azure Linux node images are fully validated by AKS and built from source, using a native AKS image.
| Node image | Use case | Limitations |
|---|---|---|
| Azure Linux with containerd and Gen 1 | This is the standard node image for Azure Linux node pools using a VM size that only supports Generation 1. | N/A |
| Azure Linux with containerd and Gen 2 | This is the standard node image for Azure Linux node pools using a VM size that supports Generation 2. If a VM size supports both Generation 1 and Generation 2, node image is selected. | N/A |
| Azure Linux with containerd and FIPS | This is a variant of the default node image for customers that enable Federal Information Processing Standards (FIPS). These images support both Generation 1 and Generation 2. | Can't be combined with Trusted Launch, or Pod Sandboxing. Azure Linux supports a separate image for FIPS and ARM64. |
| Azure Linux with containerd and Arm64 | This is a variant of the default node image for customers that use a VM size that supports Arm64. These images support Generation 2 only. | Can't be combined with Trusted Launch or Pod Sandboxing. Azure Linux supports a separate image for FIPS and ARM64. |
| Azure Linux with containerd, FIPS, and Arm64 | This is a variant of the default node image for customers that enable Federal Information Processing Standards (FIPS) and use a VM size that supports Arm64. These images support Generation 2 only. | Can't be combined with Trusted Launch or Pod Sandboxing. |
| Azure Linux with containerd and Trusted Launch | This is a variant of the default node image for customers that enable Trusted Launch. These images support Generation 2 only. | Can't be combined with FIPS, Arm64, or Pod Sandboxing. |
| Azure Linux with containerd and Pod Sandboxing | This is a variant of the default node image for customers that enable Pod Sandboxing. These images support Generation 2 only. | Can't be combined with FIPS, Arm64, or Trusted Launch. |
Available Windows Server node images
The Windows Server node images are fully validated by AKS and supported by Microsoft.
Windows Server Long Term Servicing Channel (LTSC) node images
| Node image | Use case | Limitations |
|---|---|---|
| Windows Server with containerd and Gen 1 | This is the standard node image for Azure Linux node pools using a VM size that only supports Generation 1. | N/A |
| Windows Server with containerd and Gen 2 | This is the standard node image for Azure Linux node pools using a VM size that supports Generation 2. If a VM size supports both Generation 1 and Generation 2, this node image is selected. | N/A |
Windows Server Annual Channel for Containers (preview) node images
| Node image | Use case | Limitations |
|---|---|---|
| Windows Server with containerd and Gen 1 | This is the standard node image for Azure Linux node pools using a VM size that only supports Generation 1. | N/A |
| Windows Server with containerd and Gen 2 | This is the standard node image for Azure Linux node pools using a VM size that supports Generation 2. If a VM size supports both Generation 1 and Generation 2, this node image is selected. | N/A |
Next steps
To learn more about node images, node pool upgrades, and node configurations on AKS, see the following resources:
- To learn about nodes and node configurations, see AKS core concepts.
- Configure automatic node image upgrades and schedule them using planned maintenance.
- Apply custom node configurations to modify OS or kubelet settings.
- For information about the latest node images, see the AKS release notes.
- Automatically apply cluster and node pool upgrades with GitHub Actions.
- Learn about upgrading best practices with AKS patch and upgrade guidance.
Collaborate with us on GitHub
The source for this content can be found on GitHub, where you can also create and review issues and pull requests. For more information, see our contributor guide.
Azure Kubernetes Service