siderolabs/image-factory v1.0.0-beta.0 on GitHub

image-factory 1.0.0-beta.0 (2026-01-23)

Welcome to the v1.0.0-beta.0 release of image-factory!
This is a pre-release of image-factory

Please try out the release binaries and report any issues at
https://github.com/siderolabs/image-factory/issues.

Configuration moved to env and config files only

All configuration is now provided exclusively via environment variables and/or configuration files.
Command-line flags for configuration have been removed.

Users must migrate any existing CLI-based configuration to env variables or supported config file formats.
This change simplifies the runtime interface but is a breaking change and requires updates to existing workflows relying on CLI flags.

Disk Image

The disk image build process no longer requires privileged deployment and mounting '/dev'.
The build process now operates in userspace, and it doesn't depend on host Linux kernel anymore.
This change enhances security and portability, allowing disk images to be built in a wider range of environments without elevated permissions.
This also enables most of the image builds to be fully reproducible.

Contributors

Andrey Smirnov
Mateusz Urbanek
Noel Georgi
Dmitrii Sharshakov
Laura Brehm
Orzelius
Artem Chernyshev
Bryan Lee
Edward Sammut Alessi
Tim Jones
Alexis La Goutte
Andras BALI
Birger Johan Nordølum
Camillo Rossi
Christopher Puschmann
Jaakko Sirén
Jean-Francois Roy
Joakim Nohlgård
Jonas Lammler
Justin Garrison
Lennard Klein
Max Makarov
Michal Baumgartner
Olav Thoresen
Pranav Patil
Serge van Ginderachter
Skye Soss
Spencer Smith
dataprolet
eseiker
pranav767

Changes

20 commits

c8c6576 release(v1.0.0-beta.0): prepare release
56bd21b fix: allow Cache-Control header in CORS
83f4d91 fix: clarify bootloader selection
c8c5faa feat: allow using image GET/HEAD API by the JS code on any domains
e732d90 feat: support acm for secureboot
5f103c1 feat: support copying to clipboard
c3532c4 feat: update Talos with GRUB and other fixes
b5ba663 fix: avoid pulling Talos core in schematic pkg
b2b0cc8 fix: update cosign to v3.0.4
fca99d0 chore: update docs/developing.md
49f4226 chore: separate kres integration-test variables
190aa22 fix: add missing libarchive dependency
37bd795 fix: image-factory rootless
99cbfd7 fix: don't enforce bundle verified
cf3e56a chore: bump talos
8723b02 fix: drop sbc board support
f0150c4 feat: use rootless Image Factory
f57218f feat: refactor configuration of image factory
e440ce7 fix: support new cosign bundle format
5eb1775 feat: introduce Enterprise Image Factory

Changes from siderolabs/pkgs

44 commits

375983f feat: update Go to 1.25.6
d445c80 feat: update Linux to 6.18.5
6994400 feat: update NVIDIA LTS and production driver versions
05c3d85 feat: update Linux firmware to 20260110
c61b466 feat: enable IT87 hwmon module
ae2572e feat: enable IPV6_MROUTE
d6b503e feat: add RK3588 NPU Support
df4b4c8 feat: bump deps
a220898 feat: add libarchive
c2371b5 feat: enable ZRAM support
ab4d169 feat: add a patch to force uid when populating from a directory
972f44d feat: update dependencies
f8eb5b0 feat: update Linux to 6.18.2
3fb6291 feat: update systemd to 259
59241bd fix: add SBOMs for pigz/igzip
9377c78 feat: optimize decompression for containerd
e8e61ce feat: update containerd to 2.2.1
daa74ba feat: support xfs filesystem reproducibility
1f66513 feat: update OpenZFS to 2.4.0
b209af5 chore: rekres with latest changes
2b806b9 feat: bump dependencies
65242fd feat: enable CONFIG_MISC_RP1 in ARM64 config
4daecd8 feat: update Linux to 6.18.1
9868a66 feat: enable Powercap and Intel RAPL
07883ee feat: build and package perf binary
47abca0 fix: add json support to nftables binary
b961ff8 feat: patch containerd 2.2.0 with cgroups fix patch
b7dd7f6 feat: add mstflint module
ae53351 feat: update ZFS to 2.4.0-rc5
b8edf01 feat: update CNI plugins to v1.9.0
a57c1b0 feat: enable amd sev-snp
68562c1 feat: update Linux to 6.18
6f4ff8c feat: enable Amlogic Meson PCIe controller driver
c41127b feat: enable Intel GPIO/Pinctrl kernel modules
4a31ff7 feat: update NVIDIA LTS to 580.105.08
3e858d3 chore: fork pkgs for Talos 1.13
dcc5aa1 feat: update runc to 1.3.4
8b6ae5b fix: regenerate configs
2992598 fix: add missing kernel config entries
c8ea18a feat: rekres to alow multiple commits
2ddef8b chore: update dependencies
d1f28e0 chore: update dependencies
ab253f5 feat: enable gpio-fan module
0b10666 chore: use ubuntu mirrors

Changes from siderolabs/talos

153 commits

4b274f761 feat: support aws cert manager in imager
417209512 fix: fallback to /proc/meminfo for memory modules
7f1147bed fix: add warnings to 802.3ad bond
ddd6b186e refactor: generate GRUB images
c7aa266ea fix: overwrite resolver config with machine config
cf70f05fa fix: oracle platform file format
8c7b8f5b7 feat: add support for negative max size
77bc3d21f fix: marshal of FailOverMac property
38e280c93 fix: make OOM expression a bit less sensitive
3d1301640 fix: wipe the first/last 1MiB in addition to wiping by signatures
1aa6528ad fix: make OOM controller more precise by considering separate cgroup PSI
f7072c050 fix: check if the device is not mounted when wiping
743c3b94b fix: use correct containerd import path
f2dd08594 feat: report image pull progress in the console
72fe98a06 fix: boot with GRUB
d4ed13d93 fix: add talos version to Hetzner Cloud client user agent
150c41c30 feat: update Linux to 6.18.5
01a367891 fix: use append instead of prepend in service-account-issuer
d1954278a feat: add extraArgs from service-account-issuer
91b88f7f9 feat: support multiple values for extraArgs
96e604874 fix: add hostname to endpoints
7033275a7 refactor: move BootloaderKind into machinery
71adaf0ea fix: sort mirrors and tls configs when generating the machine config
34f09a300 feat: add VLAN support to OpenStack platform
5127ef7c2 fix: wipe disk by signatures
415bfaedb fix: panic in configpatcher when the whole section is missing
e5aca71cd fix: fix healthcheck timeout
634b71e2d docs: move talosctl pcap example to Example Block
818492731 feat: implement KubeSpan multi-document configuration
4d0604b9d chore: remove unrelated machineconfig
e36863470 feat: add it87 hwmon module
308c75090 fix: resolve SideroLink Wireguard endpoint on reconnect
e4ef494de fix: drop the persist config flag from gen config
c3176adcf feat: add EnvironmentConfig document
c839b3880 feat: expose more SSA options in the upgrade-k8s command
b8ff9677e fix: handle correctly incomplete RegistryTLSConfig
99f2ddada fix: bond config via platform
2449ffea4 fix: allow HostnameConfig to be used with incomplete machine config
35fc52087 fix: lock down etcd listen address to IPv4 localhost
27253d731 feat: use new xfs config file
c9d84ae21 fix: generate OCI-compliant image config
7a4b2b33a fix: update VIP config example
080efcbda feat: add k8s-version parameter to k8s-bundle
b764f5f72 fix: skip sync test when kube-proxy is disabled
70e67787d feat: imager: populate filesystems with root owned files
7416dca59 fix: print talosctl images to release notes
dc2009e47 chore: use context when creating filesystems
85f7be6e3 chore: update slack links
154952175 fix: disable swap for system services
d98b415af fix: drop more non-overlay SBC stuff
226cd6bc1 fix: do not allocate for the actual disk image file
53f5bf8d2 fix: overlay installers
10d0cfd93 fix: overlay install in image mode
77086694d fix: partition data population
4d5657b1a fix: drop SBC board code
c4f3f6d3e feat: implement kubernetes server-side apply
f12fd2b0a test: bump Image Factory tests
c76484e58 release(v1.13.0-alpha.0): prepare release
f0d8a6851 test: skip the source bundle on exact tag
c57701d65 fix: remove interactive installer
43937c1cd feat: update Linux and systemd
72a194df8 feat: add VM CPU hot-add rules
f09ae1e0d fix: probe small images correctly
8f2b33799 feat: imager support rootless builds
c7525a97e feat: support creating filesystems from folder
e2bffb5ce chore: refactor imager code so it's more clear
0fb50dbd0 fix: invalid versions check in talos-bundle
b5dd56032 test: upgrade versions in upgrade tests
3dfa4d6e4 fix: make upgrade work with SELinux enforcing=1
786c8e2ee feat: ship pigz/igzip in rootfs to speed up image decompression
48d242918 feat: update containerd to 2.2.1
536541afe fix: mount volume mount/unmount race
39117d457 feat: update dependencies
f0f420725 fix: bond setting change detection
8d6a7a867 feat: update Kubernetes to 1.35.0
845a0d09c feat: update etcd 3.6.7, CoreDNS 1.13.2
b95912e04 feat: enforce proc_mem.force_override=never by default
681f3e84c test: run virtiofs tests only when virtiofsd is running
0592ff0cd fix: drop the Omni API URL check on IP address
a4879a5fa feat: update Linux to 6.18.1
43b43ff18 docs: split talosctl commands into groups
6d17c18bf feat: enable Powercap and Intel RAPL
884e76662 docs: fix the talosctl cluster create help output
6dc31be4f fix: exclude new Virtual IPs configured with new config
94905c73e feat(talosctl): support running qemu x86 on Mac
f871ab241 fix: provide json support in nft binary
694f45413 feat: external volumes
39feb16d2 fix: update containerd 2.2.0 with cgroups patch
82027eb9b fix: bond configuration with new settings
121b13b8f fix: disable kexec on arm64
7eaa725d0 fix: selection of boot entry
949bdb90a feat: add Secure Boot to CloudStack platform config
798143a88 fix: discard better klog message from Kubernetes client
008cd0986 fix: disable kexec in talosctl cluster create on arm64
bb62b29ed chore: prepare talos for 1.13
c0935030a chore: fork reference docs for 1.13.x
e387e48b3 fix: do not override DNS on MacOS
1e7e87fb1 fix: rework NFT rules for KubeSpan
51bcfb567 feat: rename image default and source bundle
585abe944 feat: update Kubernetes to v1.35.0-rc.1
f301e3e9b fix: update KubeSpan MSS clamping
74c1df6f4 test: propagate MTU size to QEMU in talosctl cluster create
d347ca1af fix: update CNI plugins to 1.9.0
e3f8196b4 chore: update Grype and Syft
e1b8ab323 docs: add misssing period
cd04c3dde docs: update release notes
fc8ae3249 docs: add omni join token example to create qemu command
9fa00773c chore: update go-blockdevice
ba13b6786 fix: correct condition to use UKI cmdline in GRUB
d2ce3f47f docs: drop machine.network example
cf087c1e0 test: bird2 extension
13df94388 fix: adapt SELinuxSuite.TestNoPtrace to new strace version
861787c38 fix: mark secureboot as supported for metal
04e3e87ad fix: clean up kubelet mounts
21057903a fix: clear provisioning data on SideroLink config change
0f9f4c05f feat: update Kubernetes to 1.35.0-rc.0
d4309d7b1 fix: add a timeout for DNS resolving for NTP
dd6c1089c feat: update Linux to 6.18.0
e9a30bf9a test: revert add direct connectivity CA rotation test
cc95562bc fix: don't disable LACP by default
c9fe4679b test: add platform acquire/not valid config unit-test
5a03a7a20 chore: fix longhorn test
a0cfc3527 feat: implement logs persistence
51b732bea fix: selection of boot entry
18f8ac369 feat: update Kubernetes to 1.35.0-beta.0
92fa7c5e4 chore: update pkgs for NVIDIA 580.105.08
f489299b6 chore: correct condition for running k8s integration tests
ab149750d chore: update tools/pkgs to 1.13.0-alpha.0
87ff9f860 test: fix the image-factory test to pass IF endpoint
2ffe538e7 test: add direct connectivity CA rotation test
70f6b80e0 chore(ci): skip multipath extension tests
561cfb60c chore: update pkgs and tools version
2f42202a7 fix: simplify OOM expression
7b06ae8c2 test: fix flaky LinkSpec/Wireguard test
e715f3871 feat: present kernel log as talosctl logs kernel
e2ee39b8a fix: support specifying patch file without '@' symbol
e202b1f9e fix: trim trailing dots from certificate SANs
7f7079f9c fix: assign value of multicast setting properly
eba96141e feat: update etcd to 3.6.6
9945ceef3 docs: add API Server Cipher Suites changelog
9ed488d09 feat: update TLS cipher suites for API server
f1c04e4d6 feat: generate mirrors patch
a89108995 fix: add CA subject to generated certificate
35dd612a5 fix: add more resilient move
83675838f feat: extend flags of cache-cert-gen
80ab7a064 chore: remove spammy 'clean up unused volumes' logs
74d35900a chore: disable k8s integration tests for 1GiB worker nodes
4f6218674 feat: support TALOS_HOME env var
0c59b3ea3 feat: add multicast to linkconfig
6db06f4d5 feat: implement multicast setting
eeded98f5 fix: add riscv64 talosctl to release artifacts
a6bbae91b fix: fix typos across the project
83f2bdb9c feat: support relative voume size

Dependency Changes

github.com/google/go-containerregistry v0.20.6 -> v0.20.7
github.com/klauspost/compress v1.18.1 -> v1.18.3
github.com/knadh/koanf/parsers/dotenv v1.1.1 new
github.com/knadh/koanf/parsers/json v1.0.0 new
github.com/knadh/koanf/parsers/yaml v1.1.0 new
github.com/knadh/koanf/providers/env/v2 v2.0.0 new
github.com/knadh/koanf/providers/file v1.2.0 new
github.com/knadh/koanf/providers/structs v1.0.0 new
github.com/knadh/koanf/v2 v2.3.0 new
github.com/rs/cors v1.11.1 new
github.com/siderolabs/go-blockdevice/v2 v2.0.20 -> v2.0.23
github.com/siderolabs/pkgs v1.12.0 -> v1.13.0-alpha.0-35-g375983f
github.com/siderolabs/talos v1.12.0-beta.0 -> 4b274f761594
github.com/siderolabs/talos/pkg/machinery v1.12.0-beta.0 -> 4b274f761594
github.com/sigstore/cosign/v3 v3.0.2 -> v3.0.4
github.com/sigstore/sigstore 181c5d3339b3 -> v1.10.3
github.com/spf13/pflag v1.0.10 new
go.uber.org/zap v1.27.0 -> v1.27.1
golang.org/x/sync v0.18.0 -> v0.19.0
golang.org/x/sys v0.38.0 -> v0.40.0
golang.org/x/text v0.31.0 -> v0.33.0

Previous release can be found at v0.9.0