Best answer by JoseNutanix
You should treat the CentOS image as a virtual appliance that Nutanix provides to run the K8s clusters with Karbon. This CentOS image comes hardened OOTB (if you need the report of this hardening you can contact your Nutanix account team)
To provide an example, this is like if you are running F5 virtual appliance that uses CentOS and you want to upgrade/patch that CentOS that F5 is providing you. You won't do it because it is a "closed" image.
What we provide with the CentOS image is a managed service experience where customers don't need to worry about the image at all.
I hope this makes sense to you. If you want, we can discuss further. I see you are also UK based, happy to have a catch up anytime if you want to.