siderolabs/talos v1.11.0-alpha.3 on GitHub

Talos 1.11.0-alpha.3 (2025-07-02)

Welcome to the v1.11.0-alpha.3 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Azure

Talos on Azure now defaults to MTU of 1400 bytes for the eth0 interface to avoid packet fragmentation issues.
The default MTU can be overriden with machine configuration.

IMA support removed

Talos now drops the IMA (Integrity Measurement Architecture) support. This feature was not used in Talos for any meaningful security purpose
and has historically caused performance issues. See #11133 for more details.

Kubernetes Version Validation

Talos now validates Kubernetes version in the image submitted in the machine configuration.
Previously this check was performed only on upgrade, but now it is consistently applied to upgrade, initial provisioning, and machine configuration updates.

This implies that all image references should contain the tag, even if the image is pinned by digest.

Qemu provisioner on MacOS

On MacOS talosctl cluster create command now supports the Qemu provisioner in addition to the Docker provisioner.

Swap Suport

Talos now supports swap on block devices.
This feature can be enable by using SwapVolumeConfig document in the machine configuration.

Component Updates

Linux: 6.12.35
Kubernetes: 1.34.0-alpha.2
runc: 1.3.0
containerd: 2.1.3
Flannel CNI plugin: 1.7.1-flannel1
Flannel: 0.27.0
CoreDNS: 1.12.2

Talos is built with Go 1.24.4.

VMware

Talos VMWare platform now supports arm64 architecture in addition to amd64.

Zswap Support

Talos now supports zswap, a compressed cache for swap pages.
This feature can be enabled by using ZswapConfig document in the machine configuration.

Contributors

Andrey Smirnov
Noel Georgi
Orzelius
Orzelius
Justin Garrison
Spencer Smith
Till Hoffmann
Utku Ozdemir
Artem Chernyshev
Dmitrii Sharshakov
Michael Robbins
Steve Francis
Andrew Longwill
Marat Bakeev
Olav Thoresen
Thibault VINCENT
Alvaro "Chamo" Linares Cabre
Brian Brookman
Bryan Mora
Clément Nussbaumer
Damien
David R
Dennis Marttinen
Dmitriy Matrenichev
Joakim Nohlgård
Jorik Jonker
Justin Seely
Luke Cousins
Marco Mihai Condrache
Markus Reiter
Martyn Ranyard
Michael Moerz
Mike
Tan Siewert
Tom Keur
jvanthienen-gluo
killcity
yashutanu

Changes

171 commits

7fd0e8fc7 release(v1.11.0-alpha.3): prepare release
777335f23 chore: improve cloud image uploader resilience
14e5eee7d release(v1.11.0-alpha.2): prepare release
1e5a008f5 fix: hold user volume mount point across kubelet restarts
cdad50590 docs: user volumes and kubernetes upgrade updates
c880835c8 feat: implement zswap support
7f0300f10 feat: update dependencies, Kubernetes 1.34.0-alpha.2
61afbe3d2 docs: add vc4 documentation
b9dbdc8e7 fix: etcd recover with multiple advertised addresses
19d94c357 feat: update Linux to 6.12.35, containerd to 2.1.3
44a1fc3b7 fix: treat context canceled as expected error on image pull
4da2dd537 feat: enforce Kubernetes version compatibility
6c7f8201a fix: set default MTU on Azure to 1400
091cd6989 docs: small yaml typo fix
66ecbd48f docs: update support matrix with omni version
c948d7617 docs: minor fixes for creating kernel modules
cc14c4a25 docs: add docs for creating kernel modules
93bcd3b56 docs: create SBOM for Go dependencies
38c4ce415 feat: add user-space InfiniBand modules
251dc934f feat: arm64 support for platform vmware
09b3ad577 feat: update containerd to 2.1.2
0767dd07b chore: enable --with-siderolink-agent on Darwin
9642198d7 fix: userspace wireguard library overrides
208f0763e chore: fix talosctl build on non-Linux hosts
87421af87 docs: expand documentation description
d32ccfa59 feat: implement swap support
8f5cf81db docs: update kvm documentation
8e84c8b0f fix: nil pointer deref in quirk
6e74a3676 docs: aad ery basic details on how to run on scaleway
260d1bc9a fix: correctl close encrypted volumes
034ef42af fix: update siderolink library for wgtunnel panic fix
3035744a8 fix: correctly predict interface name on darwin
cfcfad3c4 chore: move checkUnknownKeys function to github.com/siderolabs/gen
5ecc53c69 docs: add macos section to developing-talos.md
b5b35307f chore: update Go to 1.24.4
fde772d8d feat: update Flannel to 0.27.0
81ca27949 release(v1.11.0-alpha.1): prepare release
58a868e68 chore: fix renovate config, add release-gate label
a59aaee84 feat: bump dependencies, Linux 6.12.31
e954ee30a docs: typo correction: LongHorn -> Longhorn
aab053394 fix: mashal resource byte slices as strings in YAML
c7d4191e7 fix: rework the way CRI config generation is waited for
0114183de docs: update lastRelease to 1.10.3
938b0760a docs: update issue template
2a7b735b2 feat: drop IMA support
2d5a805b0 fix: typo in DiscoverdVolume spec
60c12bad9 feat: support nocloud include url userdata directive
0fd622c82 fix(talosctl): correct --help output for dashboard command
a90c936a1 feat: support qemu provisioner on darwin
5322ca0d3 docs: update overlay docs
a60b6322d fix(ci): drop nebula from extensions test
dbbb59a67 docs: add note for default dataDirHostPath for Rook
e26054378 docs: macos qemu provider
5d0224093 docs: use the cilium-cli image repo in the job installation manifest
ff80e4cca docs: fix CIDR name
a5fd15e8b fix(ci): reproducibility test
8f8963e50 docs: update Nexxen brand
c6b86872d fix(ci): iso reproducibility file permissions
995a1dec4 chore: add a check for unsupported darwin flags
9db5d0c97 fix: nocloud metadata for hostname
3cf325654 feat: modularize more arm64 kernel
3524745cc fix: allow any PKI in Talos API
f438cdb09 chore: use custom dhcpd server on macos qemu
11c17fb9a fix: metal-iso reproducibility
7fcb89ee3 chore: add darwin vmnet qemu support
fc1237343 chore: clean up /usr/bin
b551f32ce feat: update containerd to v2.1.1
67f4154f9 docs: update disk-management.md
0cb137ad7 fix: make disk size check work on old Talos
7c057edd5 fix: use vmdk-convert istead of qemu-img to create VMDK for OVA files
cd618dad0 chore: update the go-blockdevice package
0b99631a0 fix: bump apid memory limit
5451f35b1 docs: update virtualbox
bd4d202a5 refactor: bring owned.State from COSI to simplify tests
0b96df574 feat: update containerd to 2.1.0
e1a939144 docs: fix formatting in disk encryption
7a817df1c docs: fix typo
f35b213b2 test: fix DHCP unicast failures in QEMU environment
7064bbf05 docs: fix vmware factory URL
78c33bcdb feat: update default Kubernetes to v1.33.1
da6795266 fix: disable automatic MAC assignment to bridge interfaces
ca34adf58 chore(ci): drop azure keys
ea5de19fa fix: selinux detection
52c76ea3a fix: consistently apply dynamic grpc proxy dialer
aa9569e5d chore: refactor cluster create cmd flags
1161faa05 docs: fix typo in Cilium docs
164745e44 docs: remove preserve flag mention in upgrade notes
9a2ecbaaf fix: makefile operating system param
118aa69d6 chore: update cloud-image-uploader dependencies
acdd721cf chore: dump qemu pachine ipam records on darwin
bb9094534 chore: rotate aws iam credentials
0bfa4ae1b chore: update deps for cloud-image-uploader
956d7c71b chore: update sops keys
e2f819d88 test: fix the process runner log collection
fdac4cfb9 fix: upgrade go-kubernetes for DRA flag bug
09d88e1e8 test: fix some flaky tests
ec1f41a94 chore: make qemu config server bind work on darwin
980f4d2b9 feat: bump dependencies
95259337e fix: k8s 1.32->1.33 upgrade check
c3c326b40 fix: improve volume mounter automaton
918b94d9a refactor: rewrite disk size check
ab7e693d7 chore: make qemu lb address bind work on darwin
97ceab001 fix: multiple logic issues in platform network config controller
46349a9df docs: remove azure image gallery instructions
0cfcdd3de docs: fix search on base talos.dev
78646b4e0 docs: add registryd debug command
c6824c211 fix: deny apply config requests without v1alpha1 in "normal" mode
7df0408e4 fix: interactive installer config gen
881c5d62b fix: suppress duplicate platform config updates
66d77888e fix: replace downloaded asset paths correctly in cluster create cmd
6bd6c9b5a fix: generate iso greater than 4 gig
ac140324e fix: skip PCR extension if TPM1.2 is found
09ef1f8a4 fix: ignore http proxy on grpc socket dial
22a72dc80 chore: split options between three structs
22c34a50f fix(ci): provision cron jobs
b3b20eff3 fix: containerd crashing with sigsegv
f7891c301 chore: calculate vmnet interface name preemptively
ae87edffb fix: drop libseccomp from rootfs
f74a805bb fix: do correct backoff for nocloud reconcile
01bb294af fix(ci): provision tests
e4945be3b docs: add registryd debug command
d8c670ad3 release(v1.11.0-alpha.0): prepare release
ace44ea61 test: update hydrophone to 0.7.0
3a1163692 chore: cross platform qemu preflight checks
7914fb104 chore: move the create command to it's own package
c8e619608 chore: prepare for release 1.11
1299aaa45 chore(ci): add extensions test for Youki runtime
e50ceb221 docs: activate Talos 1.10 docs
9d12aaeb1 test: improve config patch test
106a656b6 chore: make qemu provider build on darwin
8013aa06c test: replace platform metadata test
2b89c2810 fix: relax etcd APIs RBAC requirements
1e677587c fix: preserve kubelet image suffix
62ab8af45 fix: disk image generation with image cache
d60626f01 fix: handle encryption type mismatch
a9109ebd0 feat: allow SideroLink unique token in machine config
2ff3a6e40 feat(kernel): add bcache kernel module to core talos
fa95a2146 fix(ci): bios provision test
f7c5b86be fix: sync PCR extension with volume provisioning lifecycle
f90c79474 chore: show bound driver in pcidevices info
8db34624c fix: handle correctly changing platform network config
77c7a075b feat: update Kubernetes to 1.33.0
74f0c48c7 feat: add version compatibility for Talos 1.11
c4fb7dad0 fix: force DNS runner shutdown on timeout
c49b4836e docs: hetzner: add note about public iso
16ea2b113 docs: add what is new for 1.10
be3f0c018 fix: fix Gvisor tests with containerd patch
37db132b3 chore(ci): add provision test with bios
ec60b70e7 fix: set media type to OCI for image cache layer
a471eb31b feat: update Linux 6.12.24, containerd 2.0.5
54ad5b872 fix: extension services logging to console
601f036ba docs: correct flannel extra args example
ae94377d1 feat: support encryption config for user volumes
9616f6e8d docs: add caveat for kubespan and host ports
a1d08a362 docs: fixes typo at OpenEBS Mayastor worker patches
a91e8726e docs: add a dark theme
c76189c58 fix: grub EFI mount point
4ca985c65 fix: grub efi platform install
b31260281 docs: update storage.md
396a29040 feat: add new SBCs
a902f6580 feat: update Flannel to v0.26.7
2bbefec1a docs: use cache in preview
6028a8d2d docs: update kubeprism.md
e51a8ef8c fix: prefer new MountStatus resource
d9c7e7946 docs: fix search
b32fa029b feat: update Kubernetes to 1.33.0-rc.1
f0ea478cb feat: support address priority
8cd3c8dc7 test: fix NVIDIA OSS tests
62f2d27cd docs: update virtualbox.md
141326ea3 docs: fix tabpane styling
134aa53cc feat: update base CoreDNS code in host DNS to 1.12.1

Changes since v1.11.0-alpha.2

2 commits

7fd0e8fc7 release(v1.11.0-alpha.3): prepare release
777335f23 chore: improve cloud image uploader resilience

Changes from siderolabs/crypto

2 commits

siderolabs/crypto@17107ae fix: add generic CSR generator and OpenSSL interop
siderolabs/crypto@53659fc refactor: split into files

Changes from siderolabs/gen

4 commits

siderolabs/gen@dcb2b74 feat: add panicsafe package
siderolabs/gen@b36ee43 feat: make xyaml.CheckUnknownKeys public
siderolabs/gen@3e319e7 feat: implement xyaml.UnmarshalStrict
siderolabs/gen@7c0324f chore: future-proof HashTrieMap

Changes from siderolabs/go-circular

1 commit

siderolabs/go-circular@5b39ef8 fix: do not log error if chunk zero was never written

Changes from siderolabs/go-kubernetes

3 commits

siderolabs/go-kubernetes@657a74b feat: prepare for Kubernetes 1.34
siderolabs/go-kubernetes@9070be4 fix: remove DynamicResourceAllocation feature gate
siderolabs/go-kubernetes@8cb588b fix: k8s 1.32->1.33 upgrade check

Changes from siderolabs/pkgs

41 commits

siderolabs/pkgs@03bb94c feat: update dependencies
siderolabs/pkgs@c613abd fix: iptables url
siderolabs/pkgs@fae59df fix: download and copy hailo8 firmware
siderolabs/pkgs@fadf1e2 feat: update containerd to 2.1.2
siderolabs/pkgs@a0b0da1 feat: enable io.latency cgroup controller
siderolabs/pkgs@0aaa07a feat: add hailort package
siderolabs/pkgs@8555e94 chore: use ftpmirror for GNU sources
siderolabs/pkgs@9fbe2b4 feat: update Go to 1.24.4
siderolabs/pkgs@79bfa9e feat: update NVIDIA drivers to 570.148.08
siderolabs/pkgs@c8b8bd8 feat: bump dependencies
siderolabs/pkgs@54bf03e feat: update Linux to 6.12.31
siderolabs/pkgs@93b3aaa feat: add patch for CephFS IMA performance regression
siderolabs/pkgs@ebd6627 feat: disable IMA support
siderolabs/pkgs@8aad53b feat: add CONFIG_NFT_CONNLIMIT to kernel
siderolabs/pkgs@7a299fa feat: update Linux to 6.12.30
siderolabs/pkgs@8c4603e feat: move more configs to modules on arm64
siderolabs/pkgs@7b1183b feat(kernel): enable IB user-space management and RDMA
siderolabs/pkgs@1b1430e fix: drop pcre2 binaries
siderolabs/pkgs@487610c fix: drop broken symlinks
siderolabs/pkgs@f31d518 fix: clean up some binaries
siderolabs/pkgs@0f74b9b feat: update containerd to v2.1.1
siderolabs/pkgs@89b4037 fix: tenstorrent pkg name
siderolabs/pkgs@a14b544 chore: drop qemu-tools vmdk support
siderolabs/pkgs@2563e47 feat: add tenstorrent package
siderolabs/pkgs@2a1c42f fix(renovate): flannel config
siderolabs/pkgs@bfa69a8 feat: add open-vmdk package
siderolabs/pkgs@9f1ba1f fix: bring back updated containerd gvisor patch
siderolabs/pkgs@1567cb6 feat: update Linux 6.12.28, firmware
siderolabs/pkgs@9bc66e6 feat: update containerd to 2.1.0
siderolabs/pkgs@c6b54e0 feat: enable zswap
siderolabs/pkgs@4cd7084 feat: update dependencies
siderolabs/pkgs@a3fcbf8 feat(kernel): enable panthor driver
siderolabs/pkgs@74d1665 feat: update ZFS to 2.3.2
siderolabs/pkgs@ddc866b feat: update Linux to 6.12.27
siderolabs/pkgs@a347857 fix: build containerd with Go 1.23
siderolabs/pkgs@74da85c fix: containerd build doesn't need seccomp
siderolabs/pkgs@4effa05 fix: downgrade libseccomp to 2.5.5
siderolabs/pkgs@9cea00b feat: update Linux to 6.12.25
siderolabs/pkgs@cb108a5 feat(kernel): enable bcache module
siderolabs/pkgs@d042432 fix: backport sandbox fix for Gvisor
siderolabs/pkgs@fa625dc feat: update Linux 6.12.24, containerd 2.0.5

Changes from siderolabs/siderolink

3 commits

siderolabs/siderolink@5f46f65 feat: handle panics in goroutines
siderolabs/siderolink@d09ff45 fix: race in wait value
siderolabs/siderolink@d2a79e0 fix: clean up device on failure

Changes from siderolabs/tools

4 commits

siderolabs/tools@1dfd14b feat: update Go to 1.24.4
siderolabs/tools@af3fd64 feat: update dependencies
siderolabs/tools@e35234b feat: update dependencies
siderolabs/tools@c96a4e6 chore: update toolchain to the latest version

Dependency Changes

cloud.google.com/go/compute/metadata v0.6.0 -> v0.7.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.9.0 -> v1.10.1
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates v1.3.1 -> v1.4.0
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.1 -> v1.4.0
github.com/aws/aws-sdk-go-v2/config v1.29.14 -> v1.29.17
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 -> v1.16.32
github.com/aws/aws-sdk-go-v2/service/kms v1.38.3 -> v1.41.2
github.com/aws/smithy-go v1.22.3 -> v1.22.4
github.com/containerd/containerd/api v1.8.0 -> v1.9.0
github.com/containerd/containerd/v2 v2.0.5 -> v2.1.3
github.com/containernetworking/plugins v1.6.2 -> v1.7.1
github.com/cosi-project/runtime v0.10.2 -> v0.10.6
github.com/detailyang/go-fallocate 432fa640bd2e new
github.com/docker/cli v28.0.4 -> v28.3.0
github.com/docker/docker v28.0.4 -> v28.3.0
github.com/equinix-ms/go-vmw-guestrpc v0.1.1 new
github.com/foxboron/go-uefi 69fb7dba244f -> a3183a1bfc84
github.com/google/cadvisor v0.52.1 -> v0.53.0
github.com/google/cel-go v0.24.1 -> v0.25.0
github.com/google/go-containerregistry v0.20.3 -> v0.20.6
github.com/google/go-tpm v0.9.3 -> v0.9.5
github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.1 -> v2.3.2
github.com/hetznercloud/hcloud-go/v2 v2.21.0 -> v2.21.1
github.com/jsimonetti/rtnetlink/v2 v2.0.3 -> v2.0.5
github.com/klauspost/cpuid/v2 v2.2.10 -> v2.2.11
github.com/linode/go-metadata v0.2.1 -> v0.2.2
github.com/miekg/dns v1.1.65 -> v1.1.66
github.com/pkg/xattr v0.4.10 -> v0.4.11
github.com/prometheus/procfs v0.16.0 -> v0.16.1
github.com/rivo/tview 949945f8d922 -> a4a78f1e05cb
github.com/safchain/ethtool v0.5.10 -> v0.6.1
github.com/siderolabs/crypto v0.5.1 -> v0.6.0
github.com/siderolabs/gen v0.8.0 -> v0.8.4
github.com/siderolabs/go-blockdevice/v2 v2.0.16 -> v2.0.18
github.com/siderolabs/go-circular v0.2.2 -> v0.2.3
github.com/siderolabs/go-kubernetes v0.2.21 -> v0.2.24
github.com/siderolabs/pkgs v1.10.0-5-g48dba3e -> v1.11.0-alpha.0-40-g03bb94c
github.com/siderolabs/siderolink v0.3.13 -> v0.3.15
github.com/siderolabs/talos/pkg/machinery v1.10.0 -> v1.11.0-alpha.3
github.com/siderolabs/tools v1.10.0 -> v1.11.0-alpha.0-3-g1dfd14b
go.etcd.io/etcd/api/v3 v3.5.21 -> v3.6.1
go.etcd.io/etcd/client/pkg/v3 v3.5.21 -> v3.6.1
go.etcd.io/etcd/client/v3 v3.5.21 -> v3.6.1
go.etcd.io/etcd/etcdutl/v3 v3.5.21 -> v3.6.1
golang.org/x/net v0.39.0 -> v0.41.0
golang.org/x/oauth2 v0.29.0 -> v0.30.0
golang.org/x/sync v0.13.0 -> v0.15.0
golang.org/x/sys v0.32.0 -> v0.33.0
golang.org/x/term v0.31.0 -> v0.32.0
golang.org/x/text v0.24.0 -> v0.26.0
golang.org/x/time v0.11.0 -> v0.12.0
google.golang.org/grpc v1.71.1 -> v1.73.0
k8s.io/api v0.33.0 -> v0.34.0-alpha.2
k8s.io/apimachinery v0.33.0 -> v0.34.0-alpha.2
k8s.io/apiserver v0.33.0 -> v0.34.0-alpha.2
k8s.io/client-go v0.33.0 -> v0.34.0-alpha.2
k8s.io/component-base v0.33.0 -> v0.34.0-alpha.2
k8s.io/cri-api v0.33.0 -> v0.34.0-alpha.2
k8s.io/kube-scheduler v0.33.0 -> v0.34.0-alpha.2
k8s.io/kubectl v0.33.0 -> v0.34.0-alpha.2
k8s.io/kubelet v0.33.0 -> v0.34.0-alpha.2
k8s.io/pod-security-admission v0.33.0 -> v0.34.0-alpha.2
sigs.k8s.io/hydrophone b92baf7e0b04 -> v0.7.0
sigs.k8s.io/yaml v1.4.0 -> v1.5.0

Previous release can be found at v1.10.0

Images

ghcr.io/siderolabs/flannel:v0.27.0
registry.k8s.io/coredns/coredns:v1.12.2
gcr.io/etcd-development/etcd:v3.5.21
registry.k8s.io/kube-apiserver:v1.34.0-alpha.2
registry.k8s.io/kube-controller-manager:v1.34.0-alpha.2
registry.k8s.io/kube-scheduler:v1.34.0-alpha.2
registry.k8s.io/kube-proxy:v1.34.0-alpha.2
ghcr.io/siderolabs/kubelet:v1.34.0-alpha.2
ghcr.io/siderolabs/installer:v1.11.0-alpha.3
registry.k8s.io/pause:3.10