Edge Artifact Build Configurations
During the EdgeForge process, you provide an .arg document that contains a list of parameters to configure the build of both the provider images and the Edge Installer ISO. This page lists the parameters available in the .arg file.
Argument | Description | Allowed Values |
---|---|---|
ARCH | Architecture of the image. Required. | amd64 , arm64 . |
AUTO_ENROLL_SECUREBOOT_KEYS | Determines whether to auto enroll keys used for Trusted Boot. | true , false . Default is false . |
BASE_IMAGE | Base image to be used for building installer and provider images. You only need to provide a value for this parameter when building a FIPS-enabled image. | Image URL |
CIS_HARDENING | Whether to harden Edge artifacts according to Center for Internet Security (CIS) standards. | true , false , Default is false . |
CLUSTERCONFIG | Path to a cluster definition file. For more information refer to Export Cluster Definition. | URL string. |
CUSTOM_TAG | A custom tag for the provider images. This custom tag will be appended to the IMAGE_REGISTRY and IMAGE_REPO parameters to form the full image tag. | Lowercase alphanumeric string without spaces. |
DISABLE_SELINUX | Disable Security-Enhanced Linux (SELinux) in the operating system. Set this to true when your cluster has applications are not compatible with SELinux, such as KubeVirt. | true , false |
EDGE_CUSTOM_CONFIG | Path to the Edge custom configuration file. The file is used to provide public keys for the host to verify signatures. Refer to Embed a Public Key in Edge Artifacts for more information. | .edge_custom_config.yaml |
FIPS_ENABLED | Whether to generate FIPS compliant binaries. | true , false. Default is false |
HTTP_PROXY | URL of the HTTP Proxy server. | URL string. |
HTTPS_PROXY | URL of the HTTPS Proxy server. | URL string. |
IMAGE_REGISTRY | The image registry to use for tagging the generated provider images. Required. | Your image registry hostname, without http or https Example: docker.io/spectrocloud. |
IMAGE_REPO | The image repository to use for tagging the generated provider images. Required. | Your image repository name. |
INCLUDE_MS_SECUREBOOT_KEYS | Whether to include Microsoft's secure boot keys in the set of keys to enroll in your device for secure boot. Almost every machine requires these keys. | true , false . Default is true . |
ISO_NAME | Name of the Installer ISO file. Required. | Lowercase alphanumeric string without spaces. The characters - and _ are allowed. |
IS_UKI | Determines whether to build a Unified Kernel Image (UKI) to enabled Trusted Boot. Refer to Trusted Boot for more information. | true , false . Default is false . |
K8S_DISTRIBUTION | Kubernetes distribution. | k3s , rke2 , kubeadm , kubeadm-fips . |
MY_ORG | Name of the org to use during secure boot key generation. For more information, refer to Generate Keys. | String. |
NO_PROXY | URLS that should be excluded from the proxy. | Comma-separated URL string. |
OS_DISTRIBUTION | Operating System (OS) distribution. | ubuntu , opensuse-leap , rhel . |
OS_VERSION | OS version. This applies to Ubuntu only. | 20 , 22 . |
PROXY_CERT_PATH | Absolute path of the SSL Proxy certificate in the PEM format. This parameter is deprecated and will be removed in a future version. Provide the certificates in the certs folder in the root directory of the CanvOS repository instead. For more information, refer to Build Installer ISO. | Absolute path string. |
UBUNTU_PRO_KEY | Subscription key to a Ubuntu Pro subscription. A Ubuntu Pro subscription is needed to generate FIPS-compliant Edge artifacts with Ubuntu as the OS. | String. |
UKI_BRING_YOUR_OWN_KEYS | Whether to use your own Certificate Authority (CA) to generate secure boot keys. For more information, refer to the Generate Keys using an Existing CA tab in Generate Keys. | false |
UPDATE_KERNEL | Determines whether to upgrade the Kernel version to the latest from the upstream OS provider. | true , false . |