siderolabs/talos v1.10.0 on GitHub

Talos 1.10.0 (2025-04-30)

Welcome to the v1.10.0 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

auditd

Kernel parameter talos.auditd.disabled=1 can be used to disable Talos built-in auditd service.

cgroups v1

Talos Linux no longer supports cgroupsv1 when running in non-container mode.
The kernel argument talos.unified_cgroup_hierarchy is now ignored.

Disk Image

Talos starting with 1.10 will have disk images that will use GRUB only for legacy BIOS and systemd-boot for modern UEFI systems.
On first boot Talos determines the boot method and will wipe the unused bootloader.

Secureboot disk-images will be sd-boot only.

For ARM64 imager will still generate GRUB bootloader for Talos < 1.10 and for Talos >= 1.10 all ARM64 boot assets will use systemd-boot.

Imager supports overwriting bootloader when generating a disk image via the Imager profile output option.

Eg:

output:
  kind: image
  imageOptions:
    bootloader: sd-boot # supported options are sd-boot, grub, dual-boot

Driver Rebind

Talos 1.10 now supports a new machine config document named PCIDriverRebindConfig that allows rebinding the driver of a PCI device to a different target driver.
See the documentation for more information.

Ethernet

Talos now provides ethtool-style Ethernet low-level configuration via network/EthernetConfig documents.
Current status of the interface can be read by talosctl get ethernetstatus.

Machine Install Extensions

.machine.install.extensions will have no effect starting from Talos 1.10, the machine config document field is still kept so upgrades from older versions are possible.
Use Boot Assets instead.

Extra Kernel Args

Talos 1.10 on fresh install on UEFI systems will now use systemd-boot and UKIs (Unified Kernel Images)[https://uapi-group.org/specifications/specs/unified_kernel_image/].
This means the kernel command line arguments are part of the UKI and cannot be modified without an upgrade to a new UKI.

Upgrades to Talos 1.10 will preseve the existing bootloader (GRUB for non-secureboot) and sd-boot for Secureboot and this change will have no effect.

To build a boot asset with extra kernel arguments whether an installer or a boot image use either Image Factory or
Imager.

This means kernel arguments not part of the UKI will not be preserved across updates and a proper installer image generated via Imager Factory or Imager is required.

Ingress Firewall

Talos Ingress Firewall now filters access to Kubernetes NodePort services correctly.

iSCSI Initiator

Talos now generates /etc/iscsi/initiatorname.iscsi file based on the node identity which is tied to the lifecycle of the node.
If using iscsi-tools extension, starting with Talos 1.10 would have a more deterministic IQN for the initiator node.
Make sure to update any iSCSI targets to use the new initiator IQN.

The iqn can be read by talosctl read /etc/iscsi/initiatorname.iscsi

ISO

Talos starting with 1.10 will have ISO's that will use GRUB only for legacy BIOS and systemd-boot for modern UEFI systems.

kube-apiserver Authorization Config

When using .cluster.apiServer.authorizationConfig the user provided order for the authorizers is honoured and Node and RBAC authorizers are always added to the end if not explicitly specified.

Eg: If user provides only Webhook authorizer, the final order will be Webhook, Node, RBAC.

To provide a specific order for Node or RBAC explicitly, user can provide the authorizer in the order they want.

Eg:

cluster:
  apiServer:
    authorizationConfig:
      - type: Node
        name: Node
      - type: Webhook
        name: Webhook
        webhook:
          connectionInfo:
            type: InClusterConfig
        ...
      - type: RBAC
        name: rbac

Usage of authorization-mode CLI argument will not support this form of customization.

NVMe NQN

Talos now generates /etc/nvme/hostnqn and /etc/nvme/hostid files based on the node identity which is tied to the lifecycle of the node.

The NQN can be read by talosctl read /etc/nvme/hostnqn

SELinux

Talos now supports enabling SELinux enforcing mode, see SELinux for more details.

Fully bootstrapped builds

Talos 1.10 is built with a toolchain based on [Stageˣ], which is a project building fully bootstrapped software.
This change increases reproducibility, auditability and security of Talos builds.

This also changes Talos root filesystem structure for unified /usr, with other directories symlinking to /usr/bin and /usr/lib.
System extensions must move their directories accordingly for 1.10.

Component Updates

Linux: 6.12.25
CNI plugins: 1.6.2
runc: 1.2.6
containerd: 2.0.5
etcd: 3.5.20
Flannel: 0.26.7
Kubernetes: 1.33.0
CoreDNS: 1.12.1

Talos is built with Go 1.24.2.

User Volumes

Talos now supports user disk volumes via the UserVolumeConfig machine config document.

The old .machine.disks field is deprecated, but still supported for backwards compatibility.

Contributors

Andrey Smirnov
Noel Georgi
Dmitriy Matrenichev
Dmitry Sharshakov
Dmitrii Sharshakov
Joakim Nohlgård
Justin Garrison
Orzelius
459below
Andrew Longwill
Enrique Hernández Bello
Marat Bakeev
Mathspy
Nico Berlee
Shiroki Satsuki
Skyler Mäntysaari
Utku Ozdemir
ihelmer07
Adam Cirillo
Alex Lubbock
Alexander James Candfield
Alexis La Goutte
Andrew Symington
Artem Chernyshev
Cazmill13
Christian Luetke-Stetzkamp
Christoph Hoopmann
Dennis
Devin Buhl
Dominik Masur
Ermeikin Sergei
Florian Grignon
Gabe Alford
Ganawa Juanah
George Gaál
Jason Benedicic
Joakim Nohlgård
Josef
K Birt
KillianCdP
L.J. Hanson
Louis SCHNEIDER
Marcel Hamer
Mikhail Petrov
Motte
Natalie Romana Albers
Nikolai Shields
Omar
PRIHLOP
Ram
Robin Elfrink
Rouke Broersma
Ryan Jacobs
SayfEddine
Serge Logvinov
Shaderbug
Stepan Rabotkin
Steven I.
Thomas Gosteli
Tim Olson
Tine Jozelj
Tobias Kohlbau
TomyLobo
Valtteri Huuskonen
bzub
greenpsi
jvanthienen
jvanthienen-gluo
mehlc
pphysch
sflotat2607
suse-coder

Changes

346 commits

e6bd83041 release(v1.10.0): prepare release
d0b0c9829 test: replace platform metadata test
889baabb4 fix: disk image generation with image cache
947d4b1f9 fix: preserve kubelet image suffix
9ea205bc9 fix: handle encryption type mismatch
4e1357822 feat: allow SideroLink unique token in machine config
eaa575cb8 feat(kernel): add bcache kernel module to core talos
b248a370a chore: show bound driver in pcidevices info
204fad29a fix: handle correctly changing platform network config
75aeb5f07 feat: add version compatibility for Talos 1.11
3761e535a feat: update Kubernetes to 1.33.0
5205870c4 fix: force DNS runner shutdown on timeout
1f3d91462 fix: fix Gvisor tests with containerd patch
3bbbacfa9 chore(ci): add provision test with bios
6576ce088 fix: set media type to OCI for image cache layer
431e0224c feat: update Linux 6.12.24, containerd 2.0.5
bece55108 fix: extension services logging to console
d4b8090c1 fix: sync PCR extension with volume provisioning lifecycle
284bc668b release(v1.10.0-beta.1): prepare release
0671304ba fix: grub EFI mount point
629ea185d fix: grub efi platform install
8e7d499c1 feat: support encryption config for user volumes
1d39d7a7f feat: add new SBCs
21ef180a4 feat: update Flannel to v0.26.7
c14f52dbe fix: prefer new MountStatus resource
79d16d1a8 feat: update Kubernetes to 1.33.0-rc.1
ba74fadd6 feat: support address priority
9ef9bb95f docs: fix tabpane styling
445a7e1e1 test: fix NVIDIA OSS tests
03d6a1762 feat: update base CoreDNS code in host DNS to 1.12.1
f23439b8e chore: allow more than a single commit
92dbf1987 release(v1.10.0-beta.0): prepare release
54a167a61 fix: upgrades with bios
f4bfbbbf5 chore: bump dependencies
c55af59a2 feat: update Linux to 6.12.23
892a6854d docs: document SELinux
664fa3697 feat: implement user volumes
c1bec3cd0 test: add negative tests for SELinux
4a19467d4 docs: add note about nftables conflict
401b62ade feat: update Kubernetes to v1.33.0-rc.0
e5a9cbbe6 feat: pull in more HiSilicon drivers
5e4c24758 feat: add a version resource
84f69f043 docs: update hugo version
5cd58ec86 feat: add Hisilicon arm drivers
18acfb2e1 feat: update Flannel to v0.26.6
e8e7f75c7 fix: skip lvm activation if meta is not found
6eee57b16 feat: add support for GCP instance tags
60448b516 feat: add support for instance tags on AWS
e8c3aeb80 feat: prefer uefi boot for aws ami's
c4136c27d fix: uki boot detection
e0171efff docs: improve references to config patches
372c62b72 fix: handle override path for registry mirrors correctly
199661037 feat: expose if system is booted with UKI
7e7804b7a fix: avoid printing terminating null byte in SELinux context
c766f23e6 chore: small developer improvements
73c9e91c6 fix: race in the volume mount status handling
649b7f3eb docs: add vc4 extension
250fc1413 feat: support xfs mkfs config version
c83611ddd test: more extension modules
07a432cc5 fix: use proper read-only bind mounts in init
efd918eeb feat: update dependencies
063fca6e0 fix: containerd auth hostname in the config
5eaaa7ffa test: fix enforcing steps in cron
203e02df4 refactor: implement directory and overlay mounts
190d34af4 fix: image cache generation on Windows
db378c76c docs: update development docs
8f918a34e fix: upgrades with kexec
bf80079d4 docs: docs on configuring Containerd CDI spec dirs
c7613ba0e test: test NVIDIA drivers 570.x
e52b8b0a3 feat: update etcd to 3.5.21
0a18656f8 docs: fix version in kube-proxy manual upgrade
efd15f4e0 docs: update aws.md
97843a6b5 docs: update hetzner.md
cac3b549f chore: drop runc memfd bind
ffc1c43d9 test: drop Azure CI pipelines
80e321653 release(v1.10.0-alpha.3): prepare release
a834219ac chore: update dependencies
857779b90 docs: clarify custom CA certificate with KMS STATE encryption
39ed45ae6 docs: add information about Cilium exclusive CNI
087a85f40 feat: support running with SELinux enforcing
d4aacb0d8 refactor: mount operation for STATE and user disks
44f3c7248 fix: kata extension
7ca5ab5e9 fix: shrink installer and imager images
ea0994cfe fix: kexec with smbios type 11 string
8e20a5d28 fix: pass /usr/etc/in-container to apid, trustd and extension containers
9b9512ba8 feat: update Linux 6.12.19, containerd 2.0.4
433b0237b fix: correct structprotogen example
6e68a522a chore: fix conformance artifact name
f592730d9 fix(ci): fix image cache test
cc6c714ce feat: add Tegra modules to initrd
81d1fe0f8 fix: add missing TOOLS_PREFIX for WITH_DEBUG_SHELL builds
3e38bf6d4 fix: ignore missing config (nocloud) via cidata
27a4486a8 docs: fix typo cluser -> cluster
ac79b1ea0 feat: pull in Intel STTMAC network drivers
9bb5c060c chore: bump go-kubernetes
2b8e08234 feat: deprecate .machine.install.extensions
b7446372b docs: add documentation on unofficial SBC forks
9bec765c4 feat: talosctl kubeconfig write to stdout option
11ebb1078 fix: kexec when using sd-boot
61f1a32d2 test: allocate more resources for conformance runs
b8b7b83f8 chore: extraKernelArgs validation for UKI's
e2df0c6d3 docs: update siderolink.md
f9b14e784 fix: reconnect on SideroLink tunnel on/off change
29f7b3bf3 test(ci): use k8s websocket executor for tests
9531c1c6d fix(ci): image-cache cron
90abdc489 feat: update Kubernetes to 1.33.0-beta.0
9a5914048 refactor: ephemeral mount
e4fb1c06a docs: update for predictable interface naming
729fce306 feat: update Linux to 6.12.18
b4d2e1c3c fix: typo in machinery CloudPlatforms
7e0475488 fix: qemu: archive cluster logs only after stopping VMs
dab30a8b9 fix: ensure no goroutines escape in dns controller
fce824e2f fix: change from "init6" to "inet6" in docs
f51ebd1bc chore: fix the mount cache ids in the Dockerfile
4365aecbd test: use standard installer for e2e-iso
431178327 feat: update Kubernetes to v1.33.0-alpha.3
1259345e4 fix(ci): image-cache cron
18871a7eb chore: tidy labeled-squashfs.sh
d45259f89 feat: update Flannel to 0.26.5
e83ef0e2e docs: update proxmox.md
3def5f9a6 feat: update etcd to 3.5.19
c3c0d2e42 test: fix dns test in race mode
17965c32f chore: update Go to 1.24.1
1fbb2d1a7 docs: update nvidia-gpu-proprietary.md
d60972bdf chore: add installer-base to the list of signed images
ab6cb3dfa chore: disable azure upload
2355218e4 release(v1.10.0-alpha.2): prepare release
d4e3e957c fix(ci): fix integration tests
1849b5388 feat: update dependencies
88fc6bbeb test: fix UKI preserving talos.config and image cache
ba8cd304d test: enable image-cache in the cron
28b5dc738 test: fix reproduciblity test
50998038b feat: prefer sd-boot for UEFI
e831e52e0 feat: add support for qla2xx
ec5c049a5 feat: update Kubernetes to 1.33.0-alpha.2
ebfa82f35 docs: update deprecated command
d79059a2c chore: fix shutdown typo in shutdown sequence
a3f88d2ef fix: block NodePort services with ingress firewall
fd8131cb8 feat: generate unified installer
ebfdb91b4 fix: handle dynamic HTTP proxy settings for discovery client
d45eaeb74 fix: correctly map link names/aliases when using VIP operator
7c4e47c0c chore: stop doing generate on each build
b1d410cb6 feat: dual boot disk image
468e318ba fix: multiple fixes for dashboard/no data
3dd8d9aed docs: update resetting-a-machine.md to include example of reset
7af8f6b2f feat: validate docker image references in upgrade options
c949f55e6 docs: remove typo on resetting a machine page
f5c097041 feat: add description to schema object defs
79ee304e1 chore: update enumer to a version that fixes Go 1.24 compatibility
46d67fe44 chore: update Go to 1.24, update pkgs
7f1dd2669 fix(ci): fix integration-misc crons
26a773d3f docs: add a note about syslog sending messages to services
7ce053638 fix: ignore digest part of images when checking version
ae1b00354 feat: support noclooud instance-id from dmi
58661dea7 docs: update getting-started.md
94cf9fb84 chore: fix spurious generate failures
32a34791e fix: typo in Makefile target talosctl-freebsd-arm64
1b4464c8a feat: update Kubernetes to 1.32.2
9463ac23e fix: make ingress firewall filter traffic to nodeports
8531d91a1 fix: blockdevice transport detection
ce616d93a fix: path for ca-certificates
f35b58779 fix: fix diff printing
bf0f910a1 chore: provide more logging for dns requests
607998ba2 feat: support uki profiles via imager
711cf2d99 fix: ignore errors to stop pods
142d75483 fix: handle empty registry config
47f377b21 feat: implement the last ethtool feature - channels
88cf69b8c feat: multi profile UKIs
557faad75 feat: update Linux to 6.12.13
5dbf9e350 refactor: implement volume mount controller
aa11e9abb fix: make image cache volume management less strict
26a62e342 docs: fix typo in Wireguard docs
0419f5d8b feat: implement features in ethtool-like support
cd66fc6e8 feat: use bootstrapped packages for building Talos
2b5bd5d1d chore: upgrade siderolabs/go-loadbalancer
15191aa3e fix: extract cmdline multi profile UKIs
716f700da feat: provide initial support for ethtool configuration
b726e2f9f feat: update Flannel to 0.26.4
98d56d4d6 chore: track opened grpc connections
5e28c8e03 fix: image cache volume provisioning
c9667813d chore: remove containerd importer
270ffb69a fix: duplicate qemu drive ids
71ec41be1 fix: build of Talos on non-Linux host
e2aa7c98c fix: installer with SecureBoot should contain UKIs
6e22c06c3 release(v1.10.0-alpha.1): prepare release
3a2d9867b fix: do not close client.Client.conn with finalizer
73f30ff25 feat: bump pkgs for udev update
aea90cb8f docs: update hyper-v
b7165615f fix: use local NTP for AWS platform
673ca4bcb fix: ensure proper closure of client.Client.conn with finalizer
19040ffd6 fix: handle of PE sections with duplicate names
83489d348 docs: add note about vmxnet and flannel conflict
f1292f5e7 docs: add iscsi-tools extension to prerequisites
93b4a3740 test: bump timeout on rotate CA test
42e166984 feat: support kexec from uki
8da264946 docs: add Orange Pi 5 to Image Factory platforms and documentation
c5fb62e2e feat: update Linux to 6.2.11
83d007c16 feat: update etcd to 3.5.18
edf7c3288 fix: pe uki extract
70f72c5b0 docs: update multus.md
807a3cd29 refactor: all network merge controllers
ec8c4660e docs: update vmware.md
baf81cd49 fix(ci): k8s integration suite wait for resource
cd5e54903 feat: generate iso's with both UKI and grub
75673b6a3 feat: provide stable symlinks in disk resources
f407c88e4 fix(ci): wait for longhorn node resource
601cdccb9 feat: extract kernel/initrd from uki for grub
ff175b9fb docs: update disk-encryption.md
a8d84e315 docs: fix typos and add more explanations in docs
3a384240e fix: invalid date field in iqn/nqn
82c9ec158 chore(ci): add tests with longhorn v2 engine
689ea1dbf fix: bring back disk UUID
7a712fad2 fix: disks with 4k sector size and systemd-boot
d62a34aaf feat: update tools/pkgs/extras
b9a8ad6ac chore: de-hardcode list of extra images for image-cache test
683153a33 docs: remove the last mentions of preserve flag for Talos 1.8+
33c7f4195 docs: fix typo an MacOS to on MacOS
21cff3919 chore(ci): fio benchmark results as separate artifacts
0b7fc7cdf fix: abort node watch on hostname change
99ba53941 docs: remove the mention of preserve flag for Talos 1.8+
bde516fde chore(ci): rework iscsi-tools extensions test
e1efbf656 refactor: extract platform metadata into Talos machinery
79987c05d feat: generate iqn and nqn files
0cab6ed17 docs: update troubleshooting.md
921e10254 chore: update Go to 1.23.5
399d53b54 fix: ignore forbidden error when waiting for pod eviction
8dea57a81 fix: make etc binds read-only
63157dcb4 docs: update SideroLinkConfig example
fc7080e34 chore: clear cache after updating upstreams
51e0f273f docs: update documentation for Talos 1.9.2
e06b14112 feat: update Kubernetes to 1.32.1
4310b290d fix: generate UKI only if actually needed
a8cd99102 docs: update OpenEBS Mayastor installation
cf45f4764 docs: add Radxa ROCK 5B docs to Single Board Computer section
b21bdc5e5 chore(ci): save csi tests fio results
01c86832c chore(ci): add test for OpenEBS MayaStor
c77483510 test: update talosctl debug air-gapped
ddd695d93 feat: update containerd to 2.0.2
da2e81120 fix: add informer resync period for node status watcher
9b957df64 chore: uki code restructure
e41a99525 fix: kube-apiserver authorizers order
db4ca5668 feat: add a kernel parameter to disable built-in auditd
faa149003 feat: update Linux to 6.12.9
8de19758d fix: a couple of imager panics/crashes
5bc3e34cb fix: detect GPT before ZFS
ed7e47d15 refactor: drop usage of objcopy to generate UKIs
edf5c5e29 fix: extfs repair and resize
6e32ea5b7 fix: merge of VolumeConfig documents with sizes
1be5f8ff2 feat: update Linux to 6.12.8
e6a4583ba feat: support generating unsigned UKIs
bbd6067d4 fix: partition alignment on disks with 4k sectors
84fcc976f fix: yet another dashboard panic
6d605fc85 fix: disable NRI plugin in a different way
499695e24 fix: request previous IP address in discovery
cc84caf8c docs: update Cilium documentation
fa5300d91 chore: revert: drop deprecated allowSchedulingOnMasters
0abb3dabf docs: fix command to wait for ceph-rook HEALTH_OK
32c67c27c chore: drop deprecated allowSchedulingOnMasters
ae6d065be fix: mount selinuxfs only when SELinux is enabled
5ccbf4bcd feat: enable configfs
59582496d feat: bring in partity with sd-257
83d84a831 chore(ci): better zfs checks
650eb3a4f refactor: rewrite cloud uploader to use AWS SDK Go v2
01bf8449b fix: update field name for bus path disk selector
e915c98d5 fix: exclude disks with empty transport for disk selector
b7a7fdc4b refactor: generate /etc/os-release file static way
e79c9e127 chore(ci): drop equinix metal e2e-test
418945444 fix: build of talosctl on non-Linux platforms
4761a9e6a chore: update dependencies
f98efb333 fix: ignore member not found error on leave cluster
b72bda0a4 fix: talosctl support and race tests
27233cf0f test: use node informer instead of raw watch
5dc15e8db fix: update go-blockdevice to v2.0.9
5f3acd0f2 fix: use correct default search domain
7e5d36d46 fix: pci driver rebind config validation
4b97bbc3f fix: pull in containerd CNI deadlock fix
066480722 test: fix apparmor tests
82ea44a6b fix: reduce installer image
78b3e7f4f fix: get next rule number for IPv6 in the appropriate chain
675854aa0 docs: fix two typos
f70b7386a test: add a xfs makefs test
8212e4864 refactor: use quirks in kernel args
b4aa5189d release(v1.10.0-alpha.0): prepare release
bd85bd5b7 fix: fix Failed to initialize SELinux labeling handle udev error
73c82e3e5 feat: bring Linux 6.12.6, CNI plugins 1.6.1
c12b52491 docs: document Kubernetes service registry incompat with K8s 1.32
a5660ed77 feat: pcirebind controller
4c3261626 docs: fix several typos
fb3675321 fix: dashboard crash on CPU data
dec0185c8 chore: reduce memory usage for secureboot functions
cee6c60a0 fix: make talosctl time work with PTP time sync
f75604313 chore: support gcr.io auth for cache and image gen
6ef2596da docs: improve Hetzner documentation
7d39b9ec2 feat: remove cgroupsv1 in non-container mode
8003536c7 fix: restore previous disk serial fetching
03116ef9b chore: prepare for Talos 1.10
00682fdd6 docs: activate 1.9 docs as default
bea05f5c9 docs: update deploying-cilium.md
284ab1179 feat: support link altnames/aliases
5bfd829bf docs: fix 'containter' typo
8d151b771 docs: clarify TALOSCONFIG for AWS
0ef19171f fix: renovate typo
c568adc7d fix: renovate config
ec2e24fd9 fix: match MAC addresses case-insensitive (nocloud)
41a0c440a chore: rekres for renovate changes
a49bb9ee4 feat: update Linux to 6.12.5
b15917ecc chore: add more debugging logs for META and volumes
2b1b326f0 docs: mention different paths for OpenEBS
9470e842f test: cleanup failed Kubernetes pods
c9c685150 fix: node identity flip
590c01657 feat: update containerd to v2.0.1
18fa5a258 docs: update image-cache doc for iso
ab5bb6884 fix: generate and serve registries with port
58236066d fix: support image cache on VFAT USB stick
e193a5071 fix: image cache integration test
08ee400fd test: fix flaky test NodeAddressSort
d45e8d1d1 feat: update Kubernetes to 1.32.0
136b12912 chore: drop semicolon for supporting vfat filesystems
3e9e027ef test: add an option to boot from an USB stick
ef8c3e3b3 docs: fix typo in multus.md
d54414add fix: authorization config gen
cce72cfe8 docs: replace deprecated Hetzner server plans
81805103d chore: enable proper parallel usage of TestDepth
e1b824eba docs: update ceph-with-rook.md
470b75563 fix: use mtu network option for podman
61b1489a0 fix: order volume config by the requested size
bc3039acd feat: update runc to 1.2.3
30016a0a8 fix: avoid nil-pointer-panic in RegistriesConfigController
fe0457152 fix: power on the machine on reboot request in qemu power api
10da553ef docs: build what's new for 1.9
d946ccae3 feat: update Linux to 6.12.4
707a77bf6 test: fix user namespace test, TPM2 fixes
c3537b2f5 feat: update Linux to 6.12.3
cb4d9d673 docs: fix a few mistakes in release notes
c4724fc97 chore: add integration tests for image-cache
07220fe7f fix: install iptables-nft to the host
14841750b chore: add version compatibility for Talos 1.10
852baf819 feat: support vlan/bond in v1, vlan in v2 for nocloud
dd61ad861 fix: lock provisioning order of user disk partitions
d0773ff09 chore: update Go to 1.23.4
7d6507189 feat: implement new address sorting algorithm
9081506d6 feat: add process scheduling options
77e9db4ab test: use two workers in qemu tests by default
5a4bdf62a feat: update Kubernetes to 1.32.0-rc.1
d99bcc950 chore: refactor mergeDNSServers func
0cde08d8b docs: add Turing RK1 docs to Single Board Computer section

Changes since v1.10.0-beta.1

18 commits

e6bd83041 release(v1.10.0): prepare release
d0b0c9829 test: replace platform metadata test
889baabb4 fix: disk image generation with image cache
947d4b1f9 fix: preserve kubelet image suffix
9ea205bc9 fix: handle encryption type mismatch
4e1357822 feat: allow SideroLink unique token in machine config
eaa575cb8 feat(kernel): add bcache kernel module to core talos
b248a370a chore: show bound driver in pcidevices info
204fad29a fix: handle correctly changing platform network config
75aeb5f07 feat: add version compatibility for Talos 1.11
3761e535a feat: update Kubernetes to 1.33.0
5205870c4 fix: force DNS runner shutdown on timeout
1f3d91462 fix: fix Gvisor tests with containerd patch
3bbbacfa9 chore(ci): add provision test with bios
6576ce088 fix: set media type to OCI for image cache layer
431e0224c feat: update Linux 6.12.24, containerd 2.0.5
bece55108 fix: extension services logging to console
d4b8090c1 fix: sync PCR extension with volume provisioning lifecycle

Changes from siderolabs/crypto

1 commit

siderolabs/crypto@0d45dee chore: bump deps

Changes from siderolabs/discovery-api

1 commit

siderolabs/discovery-api@64513a6 feat: rekres, regenerate proto files

Changes from siderolabs/discovery-client

1 commit

siderolabs/discovery-client@b3632c4 feat: support extra dial options in the client

Changes from siderolabs/gen

1 commit

siderolabs/gen@5ae3afe chore: update hashtriemap implementation from the latest upstream

Changes from siderolabs/go-circular

2 commits

siderolabs/go-circular@015a398 fix: replace static buffer allocation on growth
siderolabs/go-circular@ed8685e test: add more assertions for write length result

Changes from siderolabs/go-debug

1 commit

siderolabs/go-debug@ea108ca chore: add support for Go 1.24

Changes from siderolabs/go-kubeconfig

1 commit

siderolabs/go-kubeconfig@cc42d09 chore: rekres and update

Changes from siderolabs/go-kubernetes

4 commits

siderolabs/go-kubernetes@2bdbda7 feat: adjust checks for Kubernetes v1.33.0
siderolabs/go-kubernetes@9ba5654 fix: fix ignoring alpha/beta version parsing
siderolabs/go-kubernetes@0fe1db4 feat: update for new changes in Kubernetes 1.33.0-alpha.3
siderolabs/go-kubernetes@804cb44 feat: add support for Kubernetes to 1.33

Changes from siderolabs/go-loadbalancer

1 commit

siderolabs/go-loadbalancer@589c33a chore: upgrade upstream.List and loadbalancer.TCP to Go 1.23

Changes from siderolabs/go-pcidb

1 commit

siderolabs/go-pcidb@a1da58e feat: update PCI database

Changes from siderolabs/go-pointer

1 commit

siderolabs/go-pointer@347ee9b chore: rekres, update dependencies

Changes from siderolabs/go-talos-support

1 commit

siderolabs/go-talos-support@0f784bd fix: avoid deadlock on context cancel

Changes from siderolabs/pkgs

86 commits

siderolabs/pkgs@48dba3e feat: update Linux to 6.12.25
siderolabs/pkgs@1643aea feat(kernel): enable bcache module
siderolabs/pkgs@b530e90 fix: backport sandbox fix for Gvisor
siderolabs/pkgs@7f5c2ce feat: update Linux 6.12.24, containerd 2.0.5
siderolabs/pkgs@300733a chore: allow more than one commit per PR
siderolabs/pkgs@0486742 chore: move extras into pkgs
siderolabs/pkgs@5f87a3c feat: update dependencies
siderolabs/pkgs@c93fe86 feat: update Linux to 6.12.23
siderolabs/pkgs@e331e59 feat: enable Huawei's BMC DRM drivers on arm64
siderolabs/pkgs@fa942e2 feat: enable Hisilicon NIC drivers on arm64
siderolabs/pkgs@5bb705c fix: build Amazon ENA driver as module
siderolabs/pkgs@a09be59 feat: bump dependencies
siderolabs/pkgs@cdecbc9 feat: update Linux to 6.12.21
siderolabs/pkgs@7d7323b feat: add upstream XDMA driver to pkgs
siderolabs/pkgs@e9a260a feat: add Amazon ENA Linux driver
siderolabs/pkgs@1016f21 feat(kernel): enable vc4 module
siderolabs/pkgs@665f782 feat: update NVIDIA production drivers to 570.x
siderolabs/pkgs@55d99ea feat: update dependencies
siderolabs/pkgs@668d25b fix: trim qemu-tools
siderolabs/pkgs@143f50d feat(containerd): provide ctr as part of the build
siderolabs/pkgs@990a9e8 feat: update Linux 6.12.19, Linux firmware 20250311
siderolabs/pkgs@9af76d3 feat: update containerd 2.0.4, runc 1.2.6
siderolabs/pkgs@5a0d262 feat: add CONFIG_DWMAC_DWC_QOS_ETH to arm64 config
siderolabs/pkgs@9e9a817 feat(kernel): add support for intel based edge device
siderolabs/pkgs@4d4aaad fix: patch containerd with restart fix
siderolabs/pkgs@dbdeff4 feat: enable kernel drivers for tegra194, tegra234 SoCs
siderolabs/pkgs@499e56f feat(kernel): enable v3d as kernel module
siderolabs/pkgs@988ec60 feat: add intel pmt/pmc
siderolabs/pkgs@8e2c6d8 feat: update Linux to 6.12.18
siderolabs/pkgs@5246c32 feat(kernel): add -@ to dtc flags for arm64 to enable overlay support
siderolabs/pkgs@068171e chore: unify buildkits
siderolabs/pkgs@a4ac508 feat: add panfrost kernel module
siderolabs/pkgs@5d6ca21 fix: backport MGLRU patch from Linux 6.13
siderolabs/pkgs@1d84473 feat: update dependencies
siderolabs/pkgs@831bc76 feat(kernel): enable TPM SPI support in kernel config for arm64
siderolabs/pkgs@023f092 feat: enable nfsd support in the kernel
siderolabs/pkgs@347ad26 feat: update Linux 6.12.17, containerd 2.0.3
siderolabs/pkgs@40241af feat: enable qla2xxx module
siderolabs/pkgs@6fb00b4 fix: pull in kmod from tools
siderolabs/pkgs@cc5317a fix: patch Linux with blackhole patch
siderolabs/pkgs@08389dd chore: support vmdk and cp format for qemu-img
siderolabs/pkgs@7774b08 feat: update Linux to 6.12.16, validate package structure
siderolabs/pkgs@40d288c fix: imager deps
siderolabs/pkgs@351a1a1 feat: add tools needed for imager
siderolabs/pkgs@80351ca fix: reproducibility tests
siderolabs/pkgs@e1f11f0 fix: remove patches and other files from copy-only packages
siderolabs/pkgs@8fff06b chore: bump xfsprogs to 6.12.0
siderolabs/pkgs@76a0316 chore: systemd 257.3, runc 1.2.5, ipxe
siderolabs/pkgs@359807b feat: copy built packages, improve hermetic build
siderolabs/pkgs@117a1d6 feat: update Linux to 6.12.13
siderolabs/pkgs@85f8901 feat: make pkgs build bootstrapped
siderolabs/pkgs@5763e3e feat: update systemd to 257.2
siderolabs/pkgs@1e24b31 feat: update Linux to 6.12.11
siderolabs/pkgs@38749d1 fix: build CNI plugins statically linked
siderolabs/pkgs@5da83db feat: bump NVIDIA driver versions
siderolabs/pkgs@5934363 fix: certificates CA
siderolabs/pkgs@57f492d feat: bump dependencies
siderolabs/pkgs@45b9ebe feat: update Linux to 6.2.10
siderolabs/pkgs@e00ad67 chore: rekres to fix reproducibility build
siderolabs/pkgs@cfb4b0a feat: update Go to 1.23.5
siderolabs/pkgs@72f19a2 feat: update containerd to v2.0.2
siderolabs/pkgs@17a80ee feat: update Linux to 6.12.9
siderolabs/pkgs@c9d718d fix: adjust kernel options around ACPI/PCI/EFI
siderolabs/pkgs@eb9d566 feat: update Linux to 6.12.8
siderolabs/pkgs@73e4353 fix: update config-arm64 to add Rasperry Pi watchdog support
siderolabs/pkgs@0ab2427 fix: dvb was missing I2C_MUX support and si2168 driver
siderolabs/pkgs@c3ac8e2 chore: drop unused cert copy
siderolabs/pkgs@e7eddcf feat: bump dependencies
siderolabs/pkgs@0b00e86 fix: patch containerd with CNI deadlock fix
siderolabs/pkgs@9051c9a feat: update Linux to 6.12.6
siderolabs/pkgs@6695012 chore: rekres to simplify .kres.yaml defaults
siderolabs/pkgs@611ca38 chore: rekres to bring renovate under kres
siderolabs/pkgs@a4c4215 fix: drop cgroupsv1 controllers
siderolabs/pkgs@28c909d feat: update Linux firmware to 20241210
siderolabs/pkgs@c40a9e9 feat: update Linux to 6.12.5
siderolabs/pkgs@d54ca83 feat: update containerd to v2.0.1
siderolabs/pkgs@86e3755 fix: add CONFIG_INTEL_MEI_GSC_PROXY as module
siderolabs/pkgs@8c31321 feat: update ZFS to 2.2.7
siderolabs/pkgs@605f493 feat: update runc to v1.2.3
siderolabs/pkgs@1a55529 feat: update Linux to 6.12.4
siderolabs/pkgs@52ba9a5 feat: update Linux 6.12.3
siderolabs/pkgs@9cf35be feat: build host iptables with nftables support
siderolabs/pkgs@71003a3 feat: update Go to 1.23.4
siderolabs/pkgs@5b4d402 feat: build dvb kernel modules and CX23885
siderolabs/pkgs@b330af9 chore: bring in KSPP recommendations
siderolabs/pkgs@f81b190 feat: kernel driver support for RK3588 devices (Turing RK1)

Changes from siderolabs/proto-codec

1 commit

siderolabs/proto-codec@3235c29 chore: bump deps

Changes from siderolabs/siderolink

2 commits

siderolabs/siderolink@a7af143 feat: support packets filtering before writing them to the tun device
siderolabs/siderolink@38e459e chore: bump deps

Changes from siderolabs/tools

26 commits

siderolabs/tools@000c3bb feat: bump dependencies
siderolabs/tools@4f2036e feat: bump dependencies
siderolabs/tools@6d456ca fix: revert util-linux to 2.40.4
siderolabs/tools@5bba094 feat: update dependencies
siderolabs/tools@eeb1f9d fix: revert swig update
siderolabs/tools@6b082a6 chore: unify buildkits
siderolabs/tools@87acb27 feat: update dependencies
siderolabs/tools@fcee25b fix: revert kmod to 33
siderolabs/tools@6a71711 fix: do not install man and locale for exported packages
siderolabs/tools@3389ba2 chore: move zlib to be an external package
siderolabs/tools@d93b780 chore: expose more tools
siderolabs/tools@46be459 chore: remove systemd version
siderolabs/tools@f33fbe4 fix: install policycoreutils under correct prefix
siderolabs/tools@758d61c chore: update dependencies
siderolabs/tools@f398a04 chore: update dependencies, hermetic build
siderolabs/tools@9db33dd feat: update to Go 1.23.6
siderolabs/tools@ef0a679 fix: do not install anything to /usr/lib64
siderolabs/tools@35748ea feat: fully bootstrapped build
siderolabs/tools@7200845 feat: update dependencies
siderolabs/tools@bc30a2a feat: update Go to 1.23.5
siderolabs/tools@533b595 chore: rekres to fix reproducibility
siderolabs/tools@01568a5 chore: use Make and Go from the toolchain image
siderolabs/tools@0393558 feat: bump dependencies
siderolabs/tools@7811a5f chore: rekres to simplify .kres.yaml defaults
siderolabs/tools@0b8b905 chore: kresify renovate config
siderolabs/tools@fe34fb3 feat: update Go to 1.23.4

Dependency Changes

cloud.google.com/go/compute/metadata v0.5.2 -> v0.6.0
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 -> v1.18.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 -> v1.9.0
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates v1.3.0 -> v1.3.1
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.0 -> v1.3.1
github.com/aws/aws-sdk-go-v2/config v1.28.5 -> v1.29.14
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20 -> v1.16.30
github.com/aws/aws-sdk-go-v2/service/kms v1.37.6 -> v1.38.3
github.com/aws/smithy-go v1.22.1 -> v1.22.3
github.com/containerd/cgroups/v3 v3.0.4 -> v3.0.5
github.com/containerd/containerd/v2 v2.0.1 -> v2.0.5
github.com/containerd/platforms v1.0.0-rc.0 -> v1.0.0-rc.1
github.com/containernetworking/cni v1.2.3 -> v1.3.0
github.com/containernetworking/plugins v1.6.0 -> v1.6.2
github.com/cosi-project/runtime v0.7.6 -> v0.10.2
github.com/docker/cli v27.3.1 -> v28.0.4
github.com/docker/docker v27.3.1 -> v28.0.4
github.com/elastic/go-libaudit/v2 v2.6.1 -> v2.6.2
github.com/florianl/go-tc v0.4.4 -> v0.4.5
github.com/foxboron/go-uefi fab4fdf2f2f3 -> 69fb7dba244f
github.com/fsnotify/fsnotify v1.8.0 -> v1.9.0
github.com/gdamore/tcell/v2 v2.7.4 -> v2.8.1
github.com/google/cadvisor v0.51.0 -> v0.52.1
github.com/google/cel-go v0.22.1 -> v0.24.1
github.com/google/go-containerregistry v0.20.2 -> v0.20.3
github.com/google/go-tpm v0.9.1 -> v0.9.3
github.com/google/nftables v0.2.0 -> v0.3.0
github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0 -> v2.3.1
github.com/hetznercloud/hcloud-go/v2 v2.17.0 -> v2.21.0
github.com/insomniacslk/dhcp a3a4c1f04475 -> 8abf58130905
github.com/jsimonetti/rtnetlink/v2 2d6e9f8ad3f2 -> v2.0.3
github.com/klauspost/compress v1.17.11 -> v1.18.0
github.com/klauspost/cpuid/v2 v2.2.9 -> v2.2.10
github.com/mdlayher/ethtool v0.2.0 -> v0.4.0
github.com/mdlayher/netlink v1.7.2 -> fbb4dce95f42
github.com/mdp/qrterminal/v3 v3.2.0 -> v3.2.1
github.com/miekg/dns v1.1.62 -> v1.1.65
github.com/opencontainers/image-spec v1.1.0 -> v1.1.1
github.com/opencontainers/runtime-spec v1.2.0 -> v1.2.1
github.com/pelletier/go-toml/v2 v2.2.3 -> v2.2.4
github.com/prometheus/procfs v0.15.1 -> v0.16.0
github.com/rivo/tview c76f7879f592 -> 949945f8d922
github.com/safchain/ethtool v0.5.9 -> v0.5.10
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30 -> v1.0.0-beta.33
github.com/siderolabs/crypto v0.5.0 -> v0.5.1
github.com/siderolabs/discovery-api v0.1.5 -> v0.1.6
github.com/siderolabs/discovery-client v0.1.10 -> v0.1.11
github.com/siderolabs/gen v0.7.0 -> v0.8.0
github.com/siderolabs/go-blockdevice/v2 v2.0.7 -> v2.0.16
github.com/siderolabs/go-circular v0.2.1 -> v0.2.2
github.com/siderolabs/go-debug v0.4.0 -> v0.5.0
github.com/siderolabs/go-kubeconfig v0.1.0 -> v0.1.1
github.com/siderolabs/go-kubernetes v0.2.17 -> v0.2.21
github.com/siderolabs/go-loadbalancer v0.3.4 -> v0.4.0
github.com/siderolabs/go-pcidb v0.3.0 -> v0.3.1
github.com/siderolabs/go-pointer v1.0.0 -> v1.0.1
github.com/siderolabs/go-talos-support v0.1.1 -> v0.1.2
github.com/siderolabs/pkgs v1.9.0-12-g9576b97 -> v1.10.0-5-g48dba3e
github.com/siderolabs/proto-codec v0.1.1 -> v0.1.2
github.com/siderolabs/siderolink v0.3.11 -> v0.3.13
github.com/siderolabs/talos/pkg/machinery v1.9.0 -> v1.10.0
github.com/siderolabs/tools v1.9.0-1-geaad82f -> v1.10.0
github.com/spf13/cobra v1.8.1 -> v1.9.1
github.com/spf13/pflag v1.0.5 -> v1.0.6
github.com/thejerf/suture/v4 v4.0.5 -> v4.0.6
go.etcd.io/etcd/api/v3 v3.5.17 -> v3.5.21
go.etcd.io/etcd/client/pkg/v3 v3.5.17 -> v3.5.21
go.etcd.io/etcd/client/v3 v3.5.17 -> v3.5.21
go.etcd.io/etcd/etcdutl/v3 v3.5.17 -> v3.5.21
go.uber.org/goleak v1.3.0 new
golang.org/x/net v0.32.0 -> v0.39.0
golang.org/x/oauth2 v0.24.0 -> v0.29.0
golang.org/x/sync v0.10.0 -> v0.13.0
golang.org/x/sys v0.28.0 -> v0.32.0
golang.org/x/term v0.27.0 -> v0.31.0
golang.org/x/text v0.21.0 -> v0.24.0
golang.org/x/time v0.8.0 -> v0.11.0
golang.zx2c4.com/wireguard/wgctrl 925a1e7659e6 -> a9ab2273dd10
google.golang.org/grpc v1.68.1 -> v1.71.1
google.golang.org/protobuf v1.35.2 -> v1.36.6
k8s.io/api v0.32.0 -> v0.33.0
k8s.io/apimachinery v0.32.0 -> v0.33.0
k8s.io/apiserver v0.32.0 -> v0.33.0
k8s.io/client-go v0.32.0 -> v0.33.0
k8s.io/component-base v0.32.0 -> v0.33.0
k8s.io/cri-api v0.32.0 -> v0.33.0
k8s.io/kube-scheduler v0.32.0 -> v0.33.0
k8s.io/kubectl v0.32.0 -> v0.33.0
k8s.io/kubelet v0.32.0 -> v0.33.0
k8s.io/pod-security-admission v0.32.0 -> v0.33.0
kernel.org/pub/linux/libs/security/libcap/cap v1.2.72 -> v1.2.76

Previous release can be found at v1.9.0

Images

ghcr.io/siderolabs/flannel:v0.26.7
registry.k8s.io/coredns/coredns:v1.12.1
gcr.io/etcd-development/etcd:v3.5.21
registry.k8s.io/kube-apiserver:v1.33.0
registry.k8s.io/kube-controller-manager:v1.33.0
registry.k8s.io/kube-scheduler:v1.33.0
registry.k8s.io/kube-proxy:v1.33.0
ghcr.io/siderolabs/kubelet:v1.33.0
ghcr.io/siderolabs/installer:v1.10.0
registry.k8s.io/pause:3.10