siderolabs/talos v1.10.0-alpha.2 on GitHub

Talos 1.10.0-alpha.2 (2025-03-05)

Welcome to the v1.10.0-alpha.2 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

auditd

Kernel parameter talos.auditd.disabled=1 can be used to disable Talos built-in auditd service.

cgroups v1

Talos Linux no longer supports cgroupsv1 when running in non-container mode.
The kernel argument talos.unified_cgroup_hierarchy is now ignored.

Disk Image

Talos starting with 1.10 will have disk images that will use GRUB only for legacy BIOS and systemd-boot for modern UEFI systems.
On first boot Talos determines the boot method and will wipe the unused bootloader.

Secureboot disk-images will be sd-boot only.

For ARM64 imager will still generate GRUB bootloader for Talos < 1.10 and for Talos >= 1.10 all ARM64 boot assets will use systemd-boot.

Imager supports overwriting bootloader when generating a disk image via the Imager profile output option.

Eg:

output:
  kind: image
  imageOptions:
    bootloader: sd-boot # supported options are sd-boot, grub, dual-boot

Driver Rebind

Talos 1.10 now supports a new machine config document named PCIDriverRebindConfig that allows rebinding the driver of a PCI device to a different target driver.
See the documentation for more information.

Ethernet

Talos now provides ethtool-style Ethernet low-level configuration via network/EthernetConfig documents.
Current status of the interface can be read by talosctl get ethernetstatus.

Ingress Firewall

Talos Ingress Firewall now filters access to Kubernetes NodePort services correctly.

iSCSI Initiator

Talos now generates /etc/iscsi/initiatorname.iscsi file based on the node identity which is tied to the lifecycle of the node.
If using iscsi-tools extension, starting with Talos 1.10 would have a more deterministic IQN for the initiator node.
Make sure to update any iSCSI targets to use the new initiator IQN.

The iqn can be read by talosctl read /etc/iscsi/initiatorname.iscsi

ISO

Talos starting with 1.10 will have ISO's that will use GRUB only for legacy BIOS and systemd-boot for modern UEFI systems.

kube-apiserver Authorization Config

When using .cluster.apiServer.authorizationConfig the user provided order for the authorizers is honoured and Node and RBAC authorizers are always added to the end if not explicitly specified.

Eg: If user provides only Webhook authorizer, the final order will be Webhook, Node, RBAC.

To provide a specific order for Node or RBAC explicitly, user can provide the authorizer in the order they want.

Eg:

cluster:
  apiServer:
    authorizationConfig:
      - type: Node
        name: Node
      - type: Webhook
        name: Webhook
        webhook:
          connectionInfo:
            type: InClusterConfig
        ...
      - type: RBAC
        name: rbac

Usage of authorization-mode CLI argument will not support this form of customization.

NVMe NQN

Talos now generates /etc/nvme/hostnqn and /etc/nvme/hostid files based on the node identity which is tied to the lifecycle of the node.

The NQN can be read by talosctl read /etc/nvme/hostnqn

Fully bootstrapped builds

Talos 1.10 is built with a toolchain based on [Stageˣ], which is a project building fully bootstrapped software.
This change increases reproducibility, auditability and security of Talos builds.

This also changes Talos root filesystem structure for unified /usr, with other directories symlinking to /usr/bin and /usr/lib.
System extensions must move their directories accordingly for 1.10.

Component Updates

Linux: 6.12.17
CNI plugins: 1.6.2
runc: 1.2.5
containerd: 2.0.3
etcd: 3.5.18
Flannel: 0.26.4
Kubernetes: 1.33.0-alpha.2

Talos is built with Go 1.24.0.

Contributors

Andrey Smirnov
Noel Georgi
Dmitry Sharshakov
Dmitriy Matrenichev
Dmitrii Sharshakov
Justin Garrison
Mathspy
Nico Berlee
Skyler Mäntysaari
Utku Ozdemir
ihelmer07
459below
Alexis La Goutte
Andrew Longwill
Andrew Symington
Christian Luetke-Stetzkamp
Christoph Hoopmann
Devin Buhl
Dominik Masur
Florian Grignon
Ganawa Juanah
Jason Benedicic
Joakim Nohlgård
K Birt
KillianCdP
L.J. Hanson
Louis SCHNEIDER
Marcel Hamer
Mikhail Petrov
Motte
Natalie Romana Albers
Orzelius
PRIHLOP
Ram
Robin Elfrink
Ryan Jacobs
Serge Logvinov
Thomas Gosteli
Tim Olson
Tine Jozelj
TomyLobo
bzub
greenpsi
sflotat2607
suse-coder

Changes

221 commits

ab6cb3dfa chore: disable azure upload
2355218e4 release(v1.10.0-alpha.2): prepare release
d4e3e957c fix(ci): fix integration tests
1849b5388 feat: update dependencies
88fc6bbeb test: fix UKI preserving talos.config and image cache
ba8cd304d test: enable image-cache in the cron
28b5dc738 test: fix reproduciblity test
50998038b feat: prefer sd-boot for UEFI
e831e52e0 feat: add support for qla2xx
ec5c049a5 feat: update Kubernetes to 1.33.0-alpha.2
ebfa82f35 docs: update deprecated command
d79059a2c chore: fix shutdown typo in shutdown sequence
a3f88d2ef fix: block NodePort services with ingress firewall
fd8131cb8 feat: generate unified installer
ebfdb91b4 fix: handle dynamic HTTP proxy settings for discovery client
d45eaeb74 fix: correctly map link names/aliases when using VIP operator
7c4e47c0c chore: stop doing generate on each build
b1d410cb6 feat: dual boot disk image
468e318ba fix: multiple fixes for dashboard/no data
3dd8d9aed docs: update resetting-a-machine.md to include example of reset
7af8f6b2f feat: validate docker image references in upgrade options
c949f55e6 docs: remove typo on resetting a machine page
f5c097041 feat: add description to schema object defs
79ee304e1 chore: update enumer to a version that fixes Go 1.24 compatibility
46d67fe44 chore: update Go to 1.24, update pkgs
7f1dd2669 fix(ci): fix integration-misc crons
26a773d3f docs: add a note about syslog sending messages to services
7ce053638 fix: ignore digest part of images when checking version
ae1b00354 feat: support noclooud instance-id from dmi
58661dea7 docs: update getting-started.md
94cf9fb84 chore: fix spurious generate failures
32a34791e fix: typo in Makefile target talosctl-freebsd-arm64
1b4464c8a feat: update Kubernetes to 1.32.2
9463ac23e fix: make ingress firewall filter traffic to nodeports
8531d91a1 fix: blockdevice transport detection
ce616d93a fix: path for ca-certificates
f35b58779 fix: fix diff printing
bf0f910a1 chore: provide more logging for dns requests
607998ba2 feat: support uki profiles via imager
711cf2d99 fix: ignore errors to stop pods
142d75483 fix: handle empty registry config
47f377b21 feat: implement the last ethtool feature - channels
88cf69b8c feat: multi profile UKIs
557faad75 feat: update Linux to 6.12.13
5dbf9e350 refactor: implement volume mount controller
aa11e9abb fix: make image cache volume management less strict
26a62e342 docs: fix typo in Wireguard docs
0419f5d8b feat: implement features in ethtool-like support
cd66fc6e8 feat: use bootstrapped packages for building Talos
2b5bd5d1d chore: upgrade siderolabs/go-loadbalancer
15191aa3e fix: extract cmdline multi profile UKIs
716f700da feat: provide initial support for ethtool configuration
b726e2f9f feat: update Flannel to 0.26.4
98d56d4d6 chore: track opened grpc connections
5e28c8e03 fix: image cache volume provisioning
c9667813d chore: remove containerd importer
270ffb69a fix: duplicate qemu drive ids
71ec41be1 fix: build of Talos on non-Linux host
e2aa7c98c fix: installer with SecureBoot should contain UKIs
6e22c06c3 release(v1.10.0-alpha.1): prepare release
3a2d9867b fix: do not close client.Client.conn with finalizer
73f30ff25 feat: bump pkgs for udev update
aea90cb8f docs: update hyper-v
b7165615f fix: use local NTP for AWS platform
673ca4bcb fix: ensure proper closure of client.Client.conn with finalizer
19040ffd6 fix: handle of PE sections with duplicate names
83489d348 docs: add note about vmxnet and flannel conflict
f1292f5e7 docs: add iscsi-tools extension to prerequisites
93b4a3740 test: bump timeout on rotate CA test
42e166984 feat: support kexec from uki
8da264946 docs: add Orange Pi 5 to Image Factory platforms and documentation
c5fb62e2e feat: update Linux to 6.2.11
83d007c16 feat: update etcd to 3.5.18
edf7c3288 fix: pe uki extract
70f72c5b0 docs: update multus.md
807a3cd29 refactor: all network merge controllers
ec8c4660e docs: update vmware.md
baf81cd49 fix(ci): k8s integration suite wait for resource
cd5e54903 feat: generate iso's with both UKI and grub
75673b6a3 feat: provide stable symlinks in disk resources
f407c88e4 fix(ci): wait for longhorn node resource
601cdccb9 feat: extract kernel/initrd from uki for grub
ff175b9fb docs: update disk-encryption.md
a8d84e315 docs: fix typos and add more explanations in docs
3a384240e fix: invalid date field in iqn/nqn
82c9ec158 chore(ci): add tests with longhorn v2 engine
689ea1dbf fix: bring back disk UUID
7a712fad2 fix: disks with 4k sector size and systemd-boot
d62a34aaf feat: update tools/pkgs/extras
b9a8ad6ac chore: de-hardcode list of extra images for image-cache test
683153a33 docs: remove the last mentions of preserve flag for Talos 1.8+
33c7f4195 docs: fix typo an MacOS to on MacOS
21cff3919 chore(ci): fio benchmark results as separate artifacts
0b7fc7cdf fix: abort node watch on hostname change
99ba53941 docs: remove the mention of preserve flag for Talos 1.8+
bde516fde chore(ci): rework iscsi-tools extensions test
e1efbf656 refactor: extract platform metadata into Talos machinery
79987c05d feat: generate iqn and nqn files
0cab6ed17 docs: update troubleshooting.md
921e10254 chore: update Go to 1.23.5
399d53b54 fix: ignore forbidden error when waiting for pod eviction
8dea57a81 fix: make etc binds read-only
63157dcb4 docs: update SideroLinkConfig example
fc7080e34 chore: clear cache after updating upstreams
51e0f273f docs: update documentation for Talos 1.9.2
e06b14112 feat: update Kubernetes to 1.32.1
4310b290d fix: generate UKI only if actually needed
a8cd99102 docs: update OpenEBS Mayastor installation
cf45f4764 docs: add Radxa ROCK 5B docs to Single Board Computer section
b21bdc5e5 chore(ci): save csi tests fio results
01c86832c chore(ci): add test for OpenEBS MayaStor
c77483510 test: update talosctl debug air-gapped
ddd695d93 feat: update containerd to 2.0.2
da2e81120 fix: add informer resync period for node status watcher
9b957df64 chore: uki code restructure
e41a99525 fix: kube-apiserver authorizers order
db4ca5668 feat: add a kernel parameter to disable built-in auditd
faa149003 feat: update Linux to 6.12.9
8de19758d fix: a couple of imager panics/crashes
5bc3e34cb fix: detect GPT before ZFS
ed7e47d15 refactor: drop usage of objcopy to generate UKIs
edf5c5e29 fix: extfs repair and resize
6e32ea5b7 fix: merge of VolumeConfig documents with sizes
1be5f8ff2 feat: update Linux to 6.12.8
e6a4583ba feat: support generating unsigned UKIs
bbd6067d4 fix: partition alignment on disks with 4k sectors
84fcc976f fix: yet another dashboard panic
6d605fc85 fix: disable NRI plugin in a different way
499695e24 fix: request previous IP address in discovery
cc84caf8c docs: update Cilium documentation
fa5300d91 chore: revert: drop deprecated allowSchedulingOnMasters
0abb3dabf docs: fix command to wait for ceph-rook HEALTH_OK
32c67c27c chore: drop deprecated allowSchedulingOnMasters
ae6d065be fix: mount selinuxfs only when SELinux is enabled
5ccbf4bcd feat: enable configfs
59582496d feat: bring in partity with sd-257
83d84a831 chore(ci): better zfs checks
650eb3a4f refactor: rewrite cloud uploader to use AWS SDK Go v2
01bf8449b fix: update field name for bus path disk selector
e915c98d5 fix: exclude disks with empty transport for disk selector
b7a7fdc4b refactor: generate /etc/os-release file static way
e79c9e127 chore(ci): drop equinix metal e2e-test
418945444 fix: build of talosctl on non-Linux platforms
4761a9e6a chore: update dependencies
f98efb333 fix: ignore member not found error on leave cluster
b72bda0a4 fix: talosctl support and race tests
27233cf0f test: use node informer instead of raw watch
5dc15e8db fix: update go-blockdevice to v2.0.9
5f3acd0f2 fix: use correct default search domain
7e5d36d46 fix: pci driver rebind config validation
4b97bbc3f fix: pull in containerd CNI deadlock fix
066480722 test: fix apparmor tests
82ea44a6b fix: reduce installer image
78b3e7f4f fix: get next rule number for IPv6 in the appropriate chain
675854aa0 docs: fix two typos
f70b7386a test: add a xfs makefs test
8212e4864 refactor: use quirks in kernel args
b4aa5189d release(v1.10.0-alpha.0): prepare release
bd85bd5b7 fix: fix Failed to initialize SELinux labeling handle udev error
73c82e3e5 feat: bring Linux 6.12.6, CNI plugins 1.6.1
c12b52491 docs: document Kubernetes service registry incompat with K8s 1.32
a5660ed77 feat: pcirebind controller
4c3261626 docs: fix several typos
fb3675321 fix: dashboard crash on CPU data
dec0185c8 chore: reduce memory usage for secureboot functions
cee6c60a0 fix: make talosctl time work with PTP time sync
f75604313 chore: support gcr.io auth for cache and image gen
6ef2596da docs: improve Hetzner documentation
7d39b9ec2 feat: remove cgroupsv1 in non-container mode
8003536c7 fix: restore previous disk serial fetching
03116ef9b chore: prepare for Talos 1.10
00682fdd6 docs: activate 1.9 docs as default
bea05f5c9 docs: update deploying-cilium.md
284ab1179 feat: support link altnames/aliases
5bfd829bf docs: fix 'containter' typo
8d151b771 docs: clarify TALOSCONFIG for AWS
0ef19171f fix: renovate typo
c568adc7d fix: renovate config
ec2e24fd9 fix: match MAC addresses case-insensitive (nocloud)
41a0c440a chore: rekres for renovate changes
a49bb9ee4 feat: update Linux to 6.12.5
b15917ecc chore: add more debugging logs for META and volumes
2b1b326f0 docs: mention different paths for OpenEBS
9470e842f test: cleanup failed Kubernetes pods
c9c685150 fix: node identity flip
590c01657 feat: update containerd to v2.0.1
18fa5a258 docs: update image-cache doc for iso
ab5bb6884 fix: generate and serve registries with port
58236066d fix: support image cache on VFAT USB stick
e193a5071 fix: image cache integration test
08ee400fd test: fix flaky test NodeAddressSort
d45e8d1d1 feat: update Kubernetes to 1.32.0
136b12912 chore: drop semicolon for supporting vfat filesystems
3e9e027ef test: add an option to boot from an USB stick
ef8c3e3b3 docs: fix typo in multus.md
d54414add fix: authorization config gen
cce72cfe8 docs: replace deprecated Hetzner server plans
81805103d chore: enable proper parallel usage of TestDepth
e1b824eba docs: update ceph-with-rook.md
470b75563 fix: use mtu network option for podman
61b1489a0 fix: order volume config by the requested size
bc3039acd feat: update runc to 1.2.3
30016a0a8 fix: avoid nil-pointer-panic in RegistriesConfigController
fe0457152 fix: power on the machine on reboot request in qemu power api
10da553ef docs: build what's new for 1.9
d946ccae3 feat: update Linux to 6.12.4
707a77bf6 test: fix user namespace test, TPM2 fixes
c3537b2f5 feat: update Linux to 6.12.3
cb4d9d673 docs: fix a few mistakes in release notes
c4724fc97 chore: add integration tests for image-cache
07220fe7f fix: install iptables-nft to the host
14841750b chore: add version compatibility for Talos 1.10
852baf819 feat: support vlan/bond in v1, vlan in v2 for nocloud
dd61ad861 fix: lock provisioning order of user disk partitions
d0773ff09 chore: update Go to 1.23.4
7d6507189 feat: implement new address sorting algorithm
9081506d6 feat: add process scheduling options
77e9db4ab test: use two workers in qemu tests by default
5a4bdf62a feat: update Kubernetes to 1.32.0-rc.1
d99bcc950 chore: refactor mergeDNSServers func
0cde08d8b docs: add Turing RK1 docs to Single Board Computer section

Changes since v1.10.0-alpha.1

59 commits

ab6cb3dfa chore: disable azure upload
2355218e4 release(v1.10.0-alpha.2): prepare release
d4e3e957c fix(ci): fix integration tests
1849b5388 feat: update dependencies
88fc6bbeb test: fix UKI preserving talos.config and image cache
ba8cd304d test: enable image-cache in the cron
28b5dc738 test: fix reproduciblity test
50998038b feat: prefer sd-boot for UEFI
e831e52e0 feat: add support for qla2xx
ec5c049a5 feat: update Kubernetes to 1.33.0-alpha.2
ebfa82f35 docs: update deprecated command
d79059a2c chore: fix shutdown typo in shutdown sequence
a3f88d2ef fix: block NodePort services with ingress firewall
fd8131cb8 feat: generate unified installer
ebfdb91b4 fix: handle dynamic HTTP proxy settings for discovery client
d45eaeb74 fix: correctly map link names/aliases when using VIP operator
7c4e47c0c chore: stop doing generate on each build
b1d410cb6 feat: dual boot disk image
468e318ba fix: multiple fixes for dashboard/no data
3dd8d9aed docs: update resetting-a-machine.md to include example of reset
7af8f6b2f feat: validate docker image references in upgrade options
c949f55e6 docs: remove typo on resetting a machine page
f5c097041 feat: add description to schema object defs
79ee304e1 chore: update enumer to a version that fixes Go 1.24 compatibility
46d67fe44 chore: update Go to 1.24, update pkgs
7f1dd2669 fix(ci): fix integration-misc crons
26a773d3f docs: add a note about syslog sending messages to services
7ce053638 fix: ignore digest part of images when checking version
ae1b00354 feat: support noclooud instance-id from dmi
58661dea7 docs: update getting-started.md
94cf9fb84 chore: fix spurious generate failures
32a34791e fix: typo in Makefile target talosctl-freebsd-arm64
1b4464c8a feat: update Kubernetes to 1.32.2
9463ac23e fix: make ingress firewall filter traffic to nodeports
8531d91a1 fix: blockdevice transport detection
ce616d93a fix: path for ca-certificates
f35b58779 fix: fix diff printing
bf0f910a1 chore: provide more logging for dns requests
607998ba2 feat: support uki profiles via imager
711cf2d99 fix: ignore errors to stop pods
142d75483 fix: handle empty registry config
47f377b21 feat: implement the last ethtool feature - channels
88cf69b8c feat: multi profile UKIs
557faad75 feat: update Linux to 6.12.13
5dbf9e350 refactor: implement volume mount controller
aa11e9abb fix: make image cache volume management less strict
26a62e342 docs: fix typo in Wireguard docs
0419f5d8b feat: implement features in ethtool-like support
cd66fc6e8 feat: use bootstrapped packages for building Talos
2b5bd5d1d chore: upgrade siderolabs/go-loadbalancer
15191aa3e fix: extract cmdline multi profile UKIs
716f700da feat: provide initial support for ethtool configuration
b726e2f9f feat: update Flannel to 0.26.4
98d56d4d6 chore: track opened grpc connections
5e28c8e03 fix: image cache volume provisioning
c9667813d chore: remove containerd importer
270ffb69a fix: duplicate qemu drive ids
71ec41be1 fix: build of Talos on non-Linux host
e2aa7c98c fix: installer with SecureBoot should contain UKIs

Changes from siderolabs/crypto

1 commit

siderolabs/crypto@0d45dee chore: bump deps

Changes from siderolabs/discovery-api

1 commit

siderolabs/discovery-api@64513a6 feat: rekres, regenerate proto files

Changes from siderolabs/discovery-client

1 commit

siderolabs/discovery-client@b3632c4 feat: support extra dial options in the client

Changes from siderolabs/extras

6 commits

siderolabs/extras@4102a78 feat: build hermetically using new bldr and pkgs
siderolabs/extras@f4a110f fix: build tc-redirect-tap as static binary
siderolabs/extras@0840abb fix: pull in fixed CNI plugins from pkgs
siderolabs/extras@52c217f feat: update dependencies
siderolabs/extras@f755eb4 chore: rekres to simplify .kres.yaml defaults
siderolabs/extras@e5382fc chore: kresify renovate

Changes from siderolabs/gen

1 commit

siderolabs/gen@5ae3afe chore: update hashtriemap implementation from the latest upstream

Changes from siderolabs/go-circular

2 commits

siderolabs/go-circular@015a398 fix: replace static buffer allocation on growth
siderolabs/go-circular@ed8685e test: add more assertions for write length result

Changes from siderolabs/go-debug

1 commit

siderolabs/go-debug@ea108ca chore: add support for Go 1.24

Changes from siderolabs/go-kubernetes

1 commit

siderolabs/go-kubernetes@804cb44 feat: add support for Kubernetes to 1.33

Changes from siderolabs/go-loadbalancer

1 commit

siderolabs/go-loadbalancer@589c33a chore: upgrade upstream.List and loadbalancer.TCP to Go 1.23

Changes from siderolabs/go-talos-support

1 commit

siderolabs/go-talos-support@0f784bd fix: avoid deadlock on context cancel

Changes from siderolabs/pkgs

50 commits

siderolabs/pkgs@347ad26 feat: update Linux 6.12.17, containerd 2.0.3
siderolabs/pkgs@40241af feat: enable qla2xxx module
siderolabs/pkgs@6fb00b4 fix: pull in kmod from tools
siderolabs/pkgs@cc5317a fix: patch Linux with blackhole patch
siderolabs/pkgs@08389dd chore: support vmdk and cp format for qemu-img
siderolabs/pkgs@7774b08 feat: update Linux to 6.12.16, validate package structure
siderolabs/pkgs@40d288c fix: imager deps
siderolabs/pkgs@351a1a1 feat: add tools needed for imager
siderolabs/pkgs@80351ca fix: reproducibility tests
siderolabs/pkgs@e1f11f0 fix: remove patches and other files from copy-only packages
siderolabs/pkgs@8fff06b chore: bump xfsprogs to 6.12.0
siderolabs/pkgs@76a0316 chore: systemd 257.3, runc 1.2.5, ipxe
siderolabs/pkgs@359807b feat: copy built packages, improve hermetic build
siderolabs/pkgs@117a1d6 feat: update Linux to 6.12.13
siderolabs/pkgs@85f8901 feat: make pkgs build bootstrapped
siderolabs/pkgs@5763e3e feat: update systemd to 257.2
siderolabs/pkgs@1e24b31 feat: update Linux to 6.12.11
siderolabs/pkgs@38749d1 fix: build CNI plugins statically linked
siderolabs/pkgs@5da83db feat: bump NVIDIA driver versions
siderolabs/pkgs@5934363 fix: certificates CA
siderolabs/pkgs@57f492d feat: bump dependencies
siderolabs/pkgs@45b9ebe feat: update Linux to 6.2.10
siderolabs/pkgs@e00ad67 chore: rekres to fix reproducibility build
siderolabs/pkgs@cfb4b0a feat: update Go to 1.23.5
siderolabs/pkgs@72f19a2 feat: update containerd to v2.0.2
siderolabs/pkgs@17a80ee feat: update Linux to 6.12.9
siderolabs/pkgs@c9d718d fix: adjust kernel options around ACPI/PCI/EFI
siderolabs/pkgs@eb9d566 feat: update Linux to 6.12.8
siderolabs/pkgs@73e4353 fix: update config-arm64 to add Rasperry Pi watchdog support
siderolabs/pkgs@0ab2427 fix: dvb was missing I2C_MUX support and si2168 driver
siderolabs/pkgs@c3ac8e2 chore: drop unused cert copy
siderolabs/pkgs@e7eddcf feat: bump dependencies
siderolabs/pkgs@0b00e86 fix: patch containerd with CNI deadlock fix
siderolabs/pkgs@9051c9a feat: update Linux to 6.12.6
siderolabs/pkgs@6695012 chore: rekres to simplify .kres.yaml defaults
siderolabs/pkgs@611ca38 chore: rekres to bring renovate under kres
siderolabs/pkgs@a4c4215 fix: drop cgroupsv1 controllers
siderolabs/pkgs@28c909d feat: update Linux firmware to 20241210
siderolabs/pkgs@c40a9e9 feat: update Linux to 6.12.5
siderolabs/pkgs@d54ca83 feat: update containerd to v2.0.1
siderolabs/pkgs@86e3755 fix: add CONFIG_INTEL_MEI_GSC_PROXY as module
siderolabs/pkgs@8c31321 feat: update ZFS to 2.2.7
siderolabs/pkgs@605f493 feat: update runc to v1.2.3
siderolabs/pkgs@1a55529 feat: update Linux to 6.12.4
siderolabs/pkgs@52ba9a5 feat: update Linux 6.12.3
siderolabs/pkgs@9cf35be feat: build host iptables with nftables support
siderolabs/pkgs@71003a3 feat: update Go to 1.23.4
siderolabs/pkgs@5b4d402 feat: build dvb kernel modules and CX23885
siderolabs/pkgs@b330af9 chore: bring in KSPP recommendations
siderolabs/pkgs@f81b190 feat: kernel driver support for RK3588 devices (Turing RK1)

Changes from siderolabs/proto-codec

1 commit

siderolabs/proto-codec@3235c29 chore: bump deps

Changes from siderolabs/siderolink

1 commit

siderolabs/siderolink@38e459e chore: bump deps

Changes from siderolabs/tools

19 commits

siderolabs/tools@fcee25b fix: revert kmod to 33
siderolabs/tools@6a71711 fix: do not install man and locale for exported packages
siderolabs/tools@3389ba2 chore: move zlib to be an external package
siderolabs/tools@d93b780 chore: expose more tools
siderolabs/tools@46be459 chore: remove systemd version
siderolabs/tools@f33fbe4 fix: install policycoreutils under correct prefix
siderolabs/tools@758d61c chore: update dependencies
siderolabs/tools@f398a04 chore: update dependencies, hermetic build
siderolabs/tools@9db33dd feat: update to Go 1.23.6
siderolabs/tools@ef0a679 fix: do not install anything to /usr/lib64
siderolabs/tools@35748ea feat: fully bootstrapped build
siderolabs/tools@7200845 feat: update dependencies
siderolabs/tools@bc30a2a feat: update Go to 1.23.5
siderolabs/tools@533b595 chore: rekres to fix reproducibility
siderolabs/tools@01568a5 chore: use Make and Go from the toolchain image
siderolabs/tools@0393558 feat: bump dependencies
siderolabs/tools@7811a5f chore: rekres to simplify .kres.yaml defaults
siderolabs/tools@0b8b905 chore: kresify renovate config
siderolabs/tools@fe34fb3 feat: update Go to 1.23.4

Dependency Changes

cloud.google.com/go/compute/metadata v0.5.2 -> v0.6.0
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 -> v1.17.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 -> v1.8.2
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates v1.3.0 -> v1.3.1
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.0 -> v1.3.1
github.com/aws/aws-sdk-go-v2/config v1.28.5 -> v1.29.8
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20 -> v1.16.30
github.com/aws/aws-sdk-go-v2/service/kms v1.37.6 -> v1.38.0
github.com/aws/smithy-go v1.22.1 -> v1.22.3
github.com/containerd/cgroups/v3 v3.0.4 -> v3.0.5
github.com/containerd/containerd/v2 v2.0.1 -> v2.0.3
github.com/containerd/platforms v1.0.0-rc.0 -> v1.0.0-rc.1
github.com/containernetworking/plugins v1.6.0 -> v1.6.2
github.com/cosi-project/runtime v0.7.6 -> v0.10.0
github.com/docker/cli v27.3.1 -> v28.0.1
github.com/docker/docker v27.3.1 -> v28.0.1
github.com/foxboron/go-uefi fab4fdf2f2f3 -> 69fb7dba244f
github.com/gdamore/tcell/v2 v2.7.4 -> v2.8.1
github.com/google/cel-go v0.22.1 -> v0.24.1
github.com/google/go-containerregistry v0.20.2 -> v0.20.3
github.com/google/go-tpm v0.9.1 -> v0.9.3
github.com/google/nftables v0.2.0 -> v0.3.0
github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0 -> v2.3.0
github.com/hetznercloud/hcloud-go/v2 v2.17.0 -> v2.19.1
github.com/insomniacslk/dhcp a3a4c1f04475 -> 8abf58130905
github.com/klauspost/compress v1.17.11 -> v1.18.0
github.com/klauspost/cpuid/v2 v2.2.9 -> v2.2.10
github.com/mdlayher/netlink v1.7.2 -> fbb4dce95f42
github.com/miekg/dns v1.1.62 -> v1.1.63
github.com/opencontainers/runc v1.2.2 -> v1.2.5
github.com/opencontainers/runtime-spec v1.2.0 -> v1.2.1
github.com/rivo/tview c76f7879f592 -> 17b7edb88c57
github.com/safchain/ethtool v0.5.9 -> v0.5.10
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30 -> v1.0.0-beta.32
github.com/siderolabs/crypto v0.5.0 -> v0.5.1
github.com/siderolabs/discovery-api v0.1.5 -> v0.1.6
github.com/siderolabs/discovery-client v0.1.10 -> v0.1.11
github.com/siderolabs/extras v1.9.0 -> v1.10.0-alpha.0-3-g4102a78
github.com/siderolabs/gen v0.7.0 -> v0.8.0
github.com/siderolabs/go-blockdevice/v2 v2.0.7 -> v2.0.16
github.com/siderolabs/go-circular v0.2.1 -> v0.2.2
github.com/siderolabs/go-debug v0.4.0 -> v0.5.0
github.com/siderolabs/go-kubernetes v0.2.17 -> v0.2.18
github.com/siderolabs/go-loadbalancer v0.3.4 -> v0.4.0
github.com/siderolabs/go-talos-support v0.1.1 -> v0.1.2
github.com/siderolabs/pkgs v1.9.0-12-g9576b97 -> v1.10.0-alpha.0-49-g347ad26
github.com/siderolabs/proto-codec v0.1.1 -> v0.1.2
github.com/siderolabs/siderolink v0.3.11 -> v0.3.12
github.com/siderolabs/talos/pkg/machinery v1.9.0 -> v1.10.0-alpha.2
github.com/siderolabs/tools v1.9.0-1-geaad82f -> v1.10.0-alpha.0-18-gfcee25b
github.com/spf13/cobra v1.8.1 -> v1.9.1
github.com/spf13/pflag v1.0.5 -> v1.0.6
github.com/thejerf/suture/v4 v4.0.5 -> v4.0.6
go.etcd.io/etcd/api/v3 v3.5.17 -> v3.5.18
go.etcd.io/etcd/client/pkg/v3 v3.5.17 -> v3.5.18
go.etcd.io/etcd/client/v3 v3.5.17 -> v3.5.18
go.etcd.io/etcd/etcdutl/v3 v3.5.17 -> v3.5.18
golang.org/x/net v0.32.0 -> v0.35.0
golang.org/x/oauth2 v0.24.0 -> v0.27.0
golang.org/x/sync v0.10.0 -> v0.11.0
golang.org/x/sys v0.28.0 -> v0.30.0
golang.org/x/term v0.27.0 -> v0.29.0
golang.org/x/text v0.21.0 -> v0.22.0
golang.org/x/time v0.8.0 -> v0.10.0
golang.zx2c4.com/wireguard/wgctrl 925a1e7659e6 -> a9ab2273dd10
google.golang.org/grpc v1.68.1 -> v1.70.0
google.golang.org/protobuf v1.35.2 -> v1.36.5
k8s.io/api v0.32.0 -> v0.33.0-alpha.2
k8s.io/apimachinery v0.32.0 -> v0.33.0-alpha.2
k8s.io/apiserver v0.32.0 -> v0.33.0-alpha.2
k8s.io/client-go v0.32.0 -> v0.33.0-alpha.2
k8s.io/component-base v0.32.0 -> v0.33.0-alpha.2
k8s.io/cri-api v0.32.0 -> v0.33.0-alpha.2
k8s.io/kube-scheduler v0.32.0 -> v0.33.0-alpha.2
k8s.io/kubectl v0.32.0 -> v0.33.0-alpha.2
k8s.io/kubelet v0.32.0 -> v0.33.0-alpha.2
k8s.io/pod-security-admission v0.32.0 -> v0.33.0-alpha.2
kernel.org/pub/linux/libs/security/libcap/cap v1.2.72 -> v1.2.73

Previous release can be found at v1.9.0

Images

ghcr.io/siderolabs/flannel:v0.26.4
registry.k8s.io/coredns/coredns:v1.12.0
gcr.io/etcd-development/etcd:v3.5.18
registry.k8s.io/kube-apiserver:v1.33.0-alpha.2
registry.k8s.io/kube-controller-manager:v1.33.0-alpha.2
registry.k8s.io/kube-scheduler:v1.33.0-alpha.2
registry.k8s.io/kube-proxy:v1.33.0-alpha.2
ghcr.io/siderolabs/kubelet:v1.33.0-alpha.2
ghcr.io/siderolabs/installer:v1.10.0-alpha.2
registry.k8s.io/pause:3.10