Edge Artifact Build Configurations
During the EdgeForge process, you provide an .arg document that contains a list of parameters to configure the build of both the provider images and the Edge Installer ISO. This page lists the parameters available in the .arg file.
| Argument | Description | Allowed Values |
|---|---|---|
ARCH | Architecture of the image. Required. | amd64, arm64 |
AUTO_ENROLL_SECUREBOOT_KEYS | Determines whether to auto enroll keys used for Trusted Boot. | true, false. Default is false. |
BASE_IMAGE | Base image to be used for building installer and provider images. You only need to provide a value for this parameter when building a FIPS-enabled image. | Image URL. |
CIS_HARDENING | Whether to harden Edge artifacts according to Center for Internet Security (CIS) standards. | true, false. Default is false. |
CLUSTERCONFIG | Path to a cluster definition file. For more information refer to Export Cluster Definition. | URL string. |
CUSTOM_TAG | A custom tag for the provider images. This custom tag will be appended at the end to form the full image tag, which is formed as $IMAGE_REGISTRY/$IMAGE_REPO:$K8S_DISTRIBUTION-$K8S_VERSION-$PE-VERSION-$CUSTOM_TAG. $PE_VERSION refers to the Palette Edge agent version, which is automatically determined. | Lowercase alphanumeric string without spaces. |
DISABLE_SELINUX | Disable Security-Enhanced Linux (SELinux) in the operating system. Set this to true when your cluster has applications are not compatible with SELinux, such as KubeVirt. | true, false |
EDGE_CUSTOM_CONFIG | Path to the Edge custom configuration file. The file is used to provide public keys for the host to verify signatures. Refer to Embed a Public Key in Edge Artifacts for more information. | .edge_custom_config.yaml |
FIPS_ENABLED | Whether to generate FIPS compliant binaries. | true, false. Default is false. |
FORCE_INTERACTIVE_INSTALL | When set to true, Palette Edge Interactive Installer is selected by default in the Grand Unified Bootloader (GRUB) menu on first boot, enabling manual disk selection for ISO installation. Not supported for Unified Kernel Image (UKI) builds. On legacy BIOS systems, the selected disk must be either the first device in the BIOS boot order or the only bootable device. | true, false. Default is false. |
HTTP_PROXY | URL of the HTTP Proxy server. | URL string. |
HTTPS_PROXY | URL of the HTTPS Proxy server. | URL string. |
IMAGE_REGISTRY | The image registry to use for tagging the generated provider images. Required. | Your image registry hostname, without http or https. Example: docker.io/spectrocloud. |
IMAGE_REPO | The image repository to use for tagging the generated provider images. Required. | Your image repository name. |
INCLUDE_MS_SECUREBOOT_KEYS | Whether to include Microsoft's secure boot keys in the set of keys to enroll in your device for secure boot. Almost every machine requires these keys. | true, false. Default is true. |
ISO_NAME | Name of the Installer ISO file. Required. | Lowercase alphanumeric string without spaces. The characters - and _ are allowed. |
IS_UKI | Determines whether to build UKI to enabled Trusted Boot. Refer to Trusted Boot for more information. | true, false. Default is false. |
K8S_DISTRIBUTION | Kubernetes distribution. | k3s, rke2, kubeadm, kubeadm-fips, nodeadm, canonical |
K8S_VERSION | Kubernetes version. The available versions vary depending on the specified K8S_DISTRIBUTION. Review the k8s_version.json file in the CanvOS repository for all supported versions. | Semantic Versioning patch release format - x.y.z. |
MAAS_IMAGE_NAME | Custom MAAS image name. | Lowercase alphanumeric string without spaces. The characters - and _ are allowed. |
REGION | Region for the S3 bucket used for building AWS cloud images. | Lowercase alphanumeric string without spaces. The characters - and _ are allowed. |
S3_BUCKET | Name of the S3 bucket used for building AWS cloud images. | Lowercase alphanumeric string without spaces. The characters - and _ are allowed. |
S3_KEY | Object key used to save images in the configured S3 bucket when building AWS cloud images. This argument is optional. | Lowercase alphanumeric string without spaces. The characters - and _ are allowed. |
MY_ORG | Name of the org to use during secure boot key generation. For more information, refer to Generate Keys. | String. |
NO_PROXY | URLS that should be excluded from the proxy. | Comma-separated URL string. |
OS_DISTRIBUTION | Operating System (OS) distribution. | ubuntu, opensuse-leap, rhel |
OS_VERSION | OS version. This applies to Ubuntu only. | 20, 22 |
PROXY_CERT_PATH | Absolute path of the SSL Proxy certificate in the PEM format. This parameter is deprecated and will be removed in a future version. Provide the certificates in the certs folder in the root directory of the CanvOS repository instead. For more information, refer to Build Installer ISO. | Absolute path string. |
TWO_NODE | Whether to build a provider image that enables the host to be part of a two-node high availability cluster. Refer to Two-Node Architecture for more information. | true, false |
UBUNTU_PRO_KEY | Subscription key to a Ubuntu Pro subscription. A Ubuntu Pro subscription is needed to generate FIPS-compliant Edge artifacts with Ubuntu as the OS. | String. |
UKI_BRING_YOUR_OWN_KEYS | Whether to use your own Certificate Authority (CA) to generate secure boot keys. For more information, refer to the Generate Keys using an Existing CA tab in Generate Keys. | false |
UPDATE_KERNEL | Determines whether to upgrade the Kernel version to the latest from the upstream OS provider. | true, false |