In the world of telco edge computing, where 5G networks demand ultra-low latency and high reliability, traditional deployment methods fall short. This post explores how SUSE Edge Image Builder (EIB) creates custom, immutable OS images with embedded Kubernetes configurations — enabling zero-touch provisioning of production-grade edge platforms.
The Challenge: Kubernetes at the Telco Edge
Telco edge platforms face unique challenges that distinguish them from typical cloud or data centre Kubernetes deployments:
- Zero-touch provisioning: Edge sites often lack on-site IT staff, requiring fully automated deployment
- Deterministic performance: 5G vRAN workloads require sub-millisecond latency with minimal jitter
- Hardware acceleration: Integration with SR-IOV, DPDK, and specialised accelerators like Intel ACC200
- Immutable infrastructure: Predictable, reproducible deployments across hundreds of edge sites
- Security compliance: CIS benchmarks and telco-specific security requirements
What is SUSE Edge Image Builder?
SUSE Edge Image Builder (EIB) is a tool that creates custom bootable ISO images. It takes a base SLE Micro ISO, overlays configurations, injects combustion scripts, embeds Helm charts and container images, and outputs a self-contained bootable ISO — no network required at deployment time.
┌─────────────────────────────────────────────────────────┐
│                    EIB Build Process                    │
│                                                         │
│  Base ISO ──> Edge Image Builder ──> Custom ISO         │
│  SLE Micro    Injects:               (Bootable)         │
│  6.1 RT       - OS configs                              │
│               - Combustion scripts                      │
│               - Container images                        │
│               - Helm charts                             │
└─────────────────────────────────────────────────────────┘
Technology Stack
| Component | Version / Type | Purpose |
|---|---|---|
| Base OS | SLE Micro 6.1 RT | Immutable, real-time optimised Linux |
| Kubernetes | RKE2 v1.33.3 | Container orchestration |
| CNI | Multus + Calico | Multi-network pod networking |
| Storage | Longhorn v1.9.1 | Distributed block storage |
| Security | CIS Profile + SELinux | Hardened cluster |
| Network Accel | SR-IOV + DPDK | Hardware-accelerated networking |
| Hardware Accel | Intel VRB1/ACC200 FEC | 5G Forward Error Correction |
Cluster Architecture
The deployed cluster runs across two Dell PowerEdge XR8620t nodes in an HA-lite configuration with a virtual API endpoint:
              API VIP: 192.168.41.30
                ┌──────────────────┐
                │  kube-apiserver  │
                │  (HA endpoint)   │
                └────────┬─────────┘
                         │
          ┌──────────────┴──────────────┐
          │                             │
┌─────────▼─────────┐        ┌──────────▼────────┐
│      Node 1       │        │      Node 2       │
│  Server + Worker  │        │      Worker       │
│  192.168.41.3/27  │        │  192.168.41.4/27  │
│                   │        │                   │
│   Control Plane   │        │      Kubelet      │
│   Workload Pods   │        │   Workload Pods   │
│ Longhorn Storage  │        │ Longhorn Storage  │
└───────────────────┘        └───────────────────┘
Boot and Initialization Flow
When a node boots from the custom ISO, the following automated sequence executes — no human intervention required:
- OS Installation: Partitions /dev/nvme0n1, installs SLE Micro 6.1 RT
- First Reboot: Triggers combustion script execution
- Combustion Scripts: Sequential initialization (filesystem fix → CNI tmpfs → performance setup → SR-IOV → systemd units → CIS hardening)
- Systemd Services: cpu-partitioning, performance-settings, rke2-server/rke2-agent, sriov-custom-auto-vfs, fec-vf-creation
- RKE2 Bootstrap: Node 1 initialises control plane; Node 2 joins as worker
- Helm Deploys: cert-manager, Longhorn, SR-IOV Network Operator auto-deploy
Configuration Hierarchy
Everything is driven from a single top-level file: edge-cluster.yaml. This references all sub-configurations:
edge-cluster.yaml (Top Level)
│
├── Image Configuration
│ ├── imageType: iso
│ ├── arch: x86_64
│ └── baseImage: SL-Micro.*.iso
│
├── Operating System
│ ├── Kernel cmdline args (CPU isolation, huge pages)
│ ├── packages: [jq, dpdk, tuned, rt-tests, ...]
│ └── installDevice: /dev/nvme0n1
│
├── Kubernetes
│ ├── version: v1.33.3+rke2r1
│ ├── apiVIP: 192.168.41.30
│ └── nodes: [node1 (initializer), node2 (agent)]
│
├── Helm Charts
│ ├── cert-manager
│ ├── longhorn (+ CRDs)
│ └── sriov-network-operator (+ CRDs)
│
└── Embedded Artifact Registry
├── containerImages: [15 images]
└── helmCharts: [pre-pulled]
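A definition-file sketch that maps the hierarchy above onto EIB's YAML layout, added here as an illustration and not the author's actual edge-cluster.yaml. Field names follow the published EIB definition schema and should be checked against the EIB release in use; the apiVersion is an assumption, and every value in angle brackets is a placeholder for a specific the post does not give.

```yaml
# Illustrative EIB definition (not the author's file). "<...>" = placeholder.
apiVersion: 1.3                           # assumed; match your EIB release's schema version
image:
  imageType: iso
  arch: x86_64
  baseImage: "<SL-Micro base ISO>"        # file name under base-images/
  outputImageName: eib-slemicro61rt.iso
operatingSystem:
  isoConfiguration:
    installDevice: /dev/nvme0n1           # target disk is wiped by the unattended install
  kernelArgs:                             # CPU isolation and huge pages; values are site-specific
    - "<cpu-isolation-args>"
    - "<huge-page-args>"
  packages:
    packageList: [jq, dpdk, tuned, rt-tests]   # the post's list continues beyond these
    sccRegistrationCode: "<scc-code>"     # a secret: inject at build time, keep out of git
kubernetes:
  version: v1.33.3+rke2r1
  network:
    apiVIP: 192.168.41.30                 # must be a free address on the nodes' /27
  nodes:
    - hostname: node1
      type: server
      initializer: true                   # bootstraps the control plane
    - hostname: node2
      type: agent
  helm:
    charts:                               # the CRD charts get their own entries as well
      - name: cert-manager
        repositoryName: "<repo>"
        version: "<chart-version>"        # pin exact versions for reproducible builds
      - name: longhorn
        repositoryName: "<repo>"
        version: "<chart-version>"
      - name: sriov-network-operator
        repositoryName: "<repo>"
        version: "<chart-version>"
    repositories:
      - name: "<repo>"
        url: "<chart-repo-url>"
embeddedArtifactRegistry:
  images:                                 # one entry per embedded image (15 in the post)
    - name: "<registry>/<image>:<tag>"    # pin tags; nothing is pulled at deploy time
```

Because the image installs without network access or operator input, whatever this file pins at build time is exactly what every site runs, so it deserves the same review and change control as application code.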
Why RKE2?
RKE2 was chosen over vanilla Kubernetes for several reasons relevant to telco deployments:
- Built-in CIS Benchmark profile — security hardening out of the box
- Managed by systemd — no Docker daemon dependency
- Containerd runtime — aligned with upstream Kubernetes direction
- Simplified certificate management and rotation
- Embedded etcd with snapshot support
Build Process
# Ensure base ISO is in place
ls base-images/*.iso
# Run EIB build
eib build --definition-file edge-cluster.yaml
# Output: eib-slemicro61rt.iso (~2.5-3GB)
# Build time: 30-60 minutes
Key Takeaway
EIB transforms complex telco edge deployments into a repeatable, version-controlled process. The entire cluster configuration — OS tuning, Kubernetes setup, network acceleration, security hardening — is expressed as code and baked into a single bootable ISO. Boot the hardware, walk away, come back to a running cluster.
In the next post, we dive into the multi-tier network architecture that enables 5G vRAN packet processing at hardware line rates.