siderolabs/talos v1.12.0-alpha.2 on GitHub

Talos 1.12.0-alpha.2 (2025-10-29)

Welcome to the v1.12.0-alpha.2 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Disk Encryption

Talos versions prior to v1.12 used the state of PCR 7 and signed policies locked to PCR 11 for TPM based disk encryption.

Talos now supports configuring which PCRs states are to be used for TPM based disk encryption via the options.pcrs
field in the tpm section of the disk encryption configuration.

If user doesn't specify any options Talos defaults to using PCR 7 for backwards compatibility with existing installations.

This change was made to improve compatibility with systems that may have varying states in PCR 7 due to UEFI Secure Boot configurations
and users may wish to disable locking to PCR 7 state entirely.

Signed PCR policies will still be bound to PCR 11.

The currently used PCR's can be seen with talosctl get volumestatus <volume> -o yaml command.

Embedded Config

Talos Linux now supports embedding the machine configuration directly into the boot image.

etcd

etcd container image is now pulled from registry.k8s.io/etcd instead of gcr.io/etcd-development/etcd.

Ethernet Configuration

The Ethernet configuration now includes a wakeOnLAN field to enable Wake-on-LAN (WOL) support.
This field can be set to enable WOL and specify the desired WOL modes.

Extra Binaries

Talos Linux now ships with nft binary in the rootfs to support CNIs which shell out to nft command.

Feature Lock

Talos now ignores the following machine configuration fields:

machine.features.rbac (locked to true)
machine.features.apidCheckExtKeyUsage (locked to true)
cluster.apiServer.disablePodSecurityPolicy (locked to false)

These fields were removed from the default machine configuration schema in v1.12 and are now always set to the locked values above.

GRUB

Talos Linux introduces new machine configuration option .machine.install.grubUseUKICmdline to control whether GRUB should use the kernel command line
provided by the boot assets (UKI) or to use the command line constructed by Talos itself (legacy behavior).

This option defaults to true for new installations, which means that GRUB will use the command line from the UKI, making it easier to customize kernel parameters via boot asset generation.
For existing installations upgrading to v1.12, this option will default to false to preserve the legacy behavior.

Kernel Module

Talos now supports optionally disabling kernel module signature verification by setting module.sig_enforce=0 kernel parameter.
By default module signature verification is enabled (module.sig_enforce=1).
When using Factory or Imager supply as -module.sig_enfore module.sig_enforce=0 kernel parameters to disable module signature enforcement.

Kernel Security Posture Profile (KSPP)

Talos now enables a stricter set of KSPP sysctl settings by default.
The list of overridden settings is available with talosctl get kernelparamstatus command.

Encrypted Volumes

Talos Linux now consistently provides mapped names for encrypted volumes in the format /dev/mapper/luks2-<volume-id>.
This change should not affect system or user volumes, but might allow easier identification of encrypted volumes,
and specifically for raw encrypted volumes.

talosctl image cache-serve

talosctl includes new subcommand image cache-serve.
It allows serving the created OCI image registry over HTTP/HTTPS.
It is a read-only registry, meaning images cannot be pushed to it, but the backing storage can be updated by re-running the cache-create command;

Additionally talosctl image cache-create has some changes:

new flag --layout: oci (default), flat:
- oci preserves current behavior;
- flat does not repack artifact layer, but moves it to a destination directory, allowing it to be served by talosctl image cache-serve;
changed flag --platform: now can accept multiple os/arch combinations:
- comma separated (--platform=linux/amd64,linux/arm64);
- multiple instances (--platform=linux/amd64 --platform=linux/arm64);

Component Updates

Linux: 6.17.5
Kubernetes: 1.35.0-alpha.2
CNI Plugins: 1.8.0
cryptsetup: 2.8.1
LVM2: 2_03_34
systemd-udevd: 257.8
runc: 1.3.2
CoreDNS: 1.13.0
etcd: 3.6.5
Flannel: 0.27.4
Flannel CNI plugin: v1.8.0-flannel1

Talos is built with Go 1.25.3.

Contributors

Andrey Smirnov
Noel Georgi
Mateusz Urbanek
Dmitrii Sharshakov
Amarachi Iheanacho
Orzelius
Oguz Kilcan
Utku Ozdemir
George Gaál
Jorik Jonker
Justin Garrison
Michael Smith
459below
Alp Celik
Andrew Longwill
Chris Sanders
Dmitry
Febrian
Florian Grignon
Fred Heinecke
Giau. Tran Minh
Grzegorz Rozniecki
Guillaume LEGRAIN
Markus Freitag
Max Makarov
Mike Beaumont
Misha Aksenov
MrMrRubic
Olivier Doucet
Sammy ETUR
Serge Logvinov
Skyler Mäntysaari
SuitDeer
Tom
aurh1l
frozenprocess
frozensprocess
kassad
leppeK
samoreno
theschles
winnie

Changes

245 commits

fed948b8a release(v1.12.0-alpha.2): prepare release
fb4bfe851 chore: fix LVM test
f4ee0d112 chore: disable VIP operator test
288f63872 feat: bump deps
b66482c52 feat: allow disabling injection of extra cmdline in cluster create
704b5f99e feat: update Kubernetes to 1.35.0-alpha.2
1dffa5d99 feat: implement virtual IP operator config
43b1d7537 fix: validate provisioner when destroying local clusters
b494c54c8 fix: talos import on non-linux
61e95cb4b feat: support bootloader option for ISO
d11072726 fix: provide offset for partitions in discovered volumes
39eeae963 feat: update dependencies
9890a9a31 test: fix OOM test
c0772b8ed feat: add airgapped mode to QEMU backed talos
ac60a9e27 fix: update test for PCI driver rebind/IOMMU
6c98f4cdb feat: implement new DHCP network configuration
da92a756d fix: drop 'ro' falg from defaults
28fd2390c fix: imager build on arm64
4e12df8c5 test: integration test for OOM controller
7e498faba feat: use image signer
eccb21dd3 feat: add presets to the 'cluster create qemu' command
ec0a813fa feat: unify cmdline handling GRUB/systemd-boot
37e4c40c6 fix: skip module signature tests on docker provisioner only
8124efb42 fix: cache e2e
4adcda0f5 fix: reserve the apid and trustd ports from the ephemeral port range
ced57b047 feat: support optionally disabling module sig verification
1e5c4ed64 fix: build talosctl image cache-serve non-linux
dbdd2b237 feat: add static registry to talosctl
77d8cc7c5 chore: push latest tag only on main
59d9b1c75 feat: update dependencies
bf6ad5171 feat: add back install script
da451c5ba chore: drop documentation except for fresh reference
2f23fedeb fix: file leak in reading cgroups
b412ffdbc docs: update README.md for docs link
8dc51bae7 feat: add drm_gpuvm and drm_gpusvm_helper modules
4ca58aeb8 fix: make Akamai platform usable
061f8e76f feat: bump pkgs
a9fa852da feat: update uefi image to talos linux logo
04753ba69 feat: update go to 1.25.2
9a42b05bd feat: implement link aliasing
d732bd0be chore(ci): run only nvidia tests for NVIDIA workflows
8d1468209 fix: stop populating apiserver cert SANs
02473244c fix: wait for mount status to be proper mode
825622d90 fix: resource proto definitions
2c6003e79 docs: add Project Calico installation in two mode
4fb4c8678 feat: add disk.EnableUUID to generated ova
33fb48f8f fix: add dashboard spinner
053fd0bd4 feat: update Linux to 6.17
34e107e1b docs: fix broken link
dfbece56b docs: update the kubespan docs
8b041a72c docs: update scaleway.md
435dcbf82 fix: provide nocloud metadata with missing network config
ec3bd878f refactor: remove the go-blockdevice v1 completely
33544bde9 fix: minor improvements to fs
fd2eebf7f feat: create merge patch from diff of two machine configs
eadbdda94 fix: uefi boot order setting
cd9fb2743 fix: support secure HTTP proxy with gRPC dial
adf87b4b9 feat: update Flannel to v0.27.4
5dfb7e1fe feat: serve etcd image from registry.k8s.io
5ca841804 fix: nftables flaky test
a940e45a7 feat: generate list of images required to build talos
3472d6e79 fix: revert "chore: use new mount/v3 package in efivarfs"
42c0bdbf3 feat: add provisioner flag to images default command
6bc0b1bcf feat: drop and lock deprecated features
362a8e63b fix: change the compression format
6e58f58aa fix: mkdir artifacts path
3165a2b84 release(v1.12.0-alpha.1): prepare release
e455c7ea9 chore: use testing/synctest in tests
7f048e962 feat: update dependencies
fe36b3d32 fix: stop returning EINVAL on remount of detached mounts
c6279e04c chore: use new mount/v3 package in efivarfs
d5197effb feat: update etcd 3.6.5, CoreDNS 1.12.4
33714b715 feat: release cloud image using factory
d10a2747e docs: deprecate JSON6902 patches and interactive installer
1e604cbf5 fix: don't set broadcast for /31 and /32 addresses
65a66097a refactor: split cluster create logic into smaller parts
ab847310e fix: provide refreshing CA pool (resolvers)
d63c3ed7d docs: update secureboot docs
493f7ed9d feat: support embedded config
251df70f6 feat: add a userspace OOM controller
7bae5b40b feat: implement link configuration
724857dec fix(ci): skip netbird extension for tests
e06a08698 fix: default gateway as string
7ed07412e fix: uefi boot entry handling logic
ea4ed165a refactor: efivarfs mock and tests
1fca111e2 feat: support setting wake-on-lan for Ethernet
94f78dbe7 docs: add a documentation for running Talos in KVM
46902f8fd docs: add TrueFullstaq to adopters
a28e5cbd5 chore: update pkgs and tools
7cf403db8 docs: step-by-step scaleway documentation to get an image
687285fa2 docs: remove 'curl' in wget command
9db6dc06c feat: stop mounting state partition
53ce93aae test: try to clear connection refused more aggressively
51db5279c fix: bump trustd memory limit
25204dc8a fix(machined): change constants.MinimumGOAMD64Level using build tag
9cd2d794d feat: ship nft binary with Talos rootfs
b1416c9fe feat: record last log the failed service
0b129f9ef feat: enforce more KSPP and hardening sysctls
11872643c chore: drop docs folder
d30fdcd88 chore: pass in github token to imager
b88f27d80 chore: make reset test code a bit better
1cde53d01 test: fix several issues with tests
16cd127a0 docs: add docs on updating image cache
c3ae92b14 fix: build kernel checks only on linux
2120904ec feat: create detached tmpfs
6bbee6de5 docs: remove 'ceph-data' from volume examples/docs
07acb3bd2 fix: use correct order to determine SideroV1 keys directory path
2d57fa002 fix: trim zero bytes in the DHCP host & domain response
451cb5f78 docs: clarify disk partition confusion
a2122ee5c feat: implement HostConfig multi-doc
69ab076b4 fix: re-create cgroups when restarting runners
297b5cc28 docs: add docs on node labels
e168512dd fix: apply 'ro' flag to iso9660 filesystems
7f7acfbb9 docs: fix typo in doc
d57882b18 feat: update Kubernetes to 1.34.1
f85f82f32 test: fix flakiness in RawVolumes test
82569e319 feat: update Linux 6.16.6
2fd2ab4e4 fix: remove CoreDNS cpu limit
ce9bc32a0 chore(ci): rekres to use new runner groups
8b64f68f6 test: improve test stability
272cb860d chore: drop the --input-dir flag from the cluster create command
1b6533675 docs: add note about ca-signed certs for secureboot
d3f88f50c docs: document talos vip failover behavior
005fc8bd5 docs: add docs on syncing configs after a kube upgrade
4d876d9af feat: update Go to 1.25.1
2b556cd22 feat: implement multi-doc StaticHostConfig
a7b776842 docs: replace Raspberry Pi 5 links with Talos builder
a349b20ed docs: clarify that talos does not support intermediate ca
895133de9 feat: support configuring PCR states to bind disk encryption
c1360103b docs: fix command for uploading image on Hetzner
43b5b9d89 fix: correctly handle status-code 204
feeb0d312 feat: update runc to 1.3.1
421634a14 docs: add docs on multihoming
41af2d230 refactor: clean up internal cluster creation code
3000d9e43 fix: don't bootstrap talos cluster if there's no config present
79cb871d0 feat: use the id of the volume in the mapped luks2 name
6c322710d chore: refactor mount package
ced7186e2 refactor: update COSI to 1.11.0
de2e24fcd docs: clarify that install-cni image is deprecated
bef8ef509 docs: add docs on cilium's compatibility with kubespan
e5acb10fc feat: update pkgs
c4c1daf0e docs: add info about br_netfilter
5c52ecac3 docs: clarify interactive dashboard resolution control
15ecb02a4 feat: update Linux kernel (memcg_v1, ublk)
53f18c2f6 fix: enable support for VMWare arm64
3bbe1c0da docs: add docs on grow flag
b9fb09dcd release(v1.12.0-alpha.0): prepare release
6a389cad3 chore: update dependencies
9d98c2e89 feat: add a cgroup preset for PSI and --skip-cri-resolve
072f77b16 chore: prepare for future Talos 1.12-alpha.0 release
96f41ce88 docs: update qemu and docker docs
a751cd6b7 docs: activate Talos v1.11 docs by default
e8f1ec1c5 docs: fix broken create qemu command v1.11 docs
639f0dfdd feat: update Linux to 6.16.4
8aa7b3933 fix: bring back linux/armv7 build and update xz
9cae7ba6b feat: update CoreDNS to 1.12.3
cfef3ad45 fix: drop linux/armv7 build
42ea2ac50 fix: update xz module (security)
4fcfd35b9 docs: fix module name example
50824599a chore: update some tools
bcd297490 feat: allow Ed25119 in FIPS mode
5992138bb test: ignore one leaking goroutine
d155326c1 docs: add sbc unofficial ports docs
285fa7d22 docs: add the deploy application docs
527791f09 feat: update Kubernetes to 1.34.0
a1c0e237d feat: update Linux to 6.15.11, Go to 1.25
4d7fc25f8 docs: switch order of wipe disk command
7368a994d feat: add SOCKS5 proxy support to dynamic proxy dialer
d63591069 chore: silence linter warnings
07eb4d7ec fix: set default ram unit to MiB instead of MB
6b732adc4 feat: update Linux to 6.12.43
b6410914f feat: add human readable byte size cli flags
ec70cef99 feat: update NVIDIA drivers and kernel
0879efa69 feat: update Kubernetes default to v1.34.0-rc.2
f504639df feat: add a user-facing create qemu command
558e0b09a test: fix the Image Factory PXE boot test
d73f0a2e5 docs: make readme badges consistent
f1369af98 chore: use new filesystem api on STATE partition
366cedbe7 docs: link to kubernetes linux swap tuning
2f5a16f5e fix: make --with-uuid-hostnames functionality available to qemu provider
70612c1f9 refactor: split the PlatformConfigController
511748339 docs: add system extension tier documentation
009fb1540 test: don't run nvidia tests on integration/aws
99674ef20 docs: apply fixes for what is new
92db677b5 fix: image cache lockup on a missing volume
9c97ed886 fix: version contract parsing in encryption keys handling
1fc670a08 fix: dial with proxy
18447d0af feat: update Linux to 6.12.41
f65f39b78 fix: provide mitigation CVE-1999-0524
8817cc60c fix: actually use SIDEROV1_KEYS_DIR env var if it's provided
b08b20a10 feat: use key provider with fallback option for auth type SideroV1
7a52d7489 fix: kubernetes upgrade options for kubelet
ea8289f55 feat: add a user facing docker command
54ad64765 chore: re-enable vulncheck
26bbddea9 fix: darwin build
b5d5ef79e fix: set secs field in DHCPv4 packets
c07911933 chore: refactor how tools are being installed
34f25815c docs: fork docs for v1.12
b66b995d3 feat: update default Kubernetes to v1.34.0-rc.1
b967c587d docs: fix clone URL to include .git
b72c68398 docs: edit the insecure, etcd-metrics, inline and extramanifests
e5b9c1fff docs: remov RAS Syndrome
701fe774b docs: fix cilium links and bump to 1.18.0
d306713a1 feat: update Go to 1.24.6
721595a00 chore: add deadcode elimination linter
dc4865915 refactor: stop using text/template in machined code paths
545be55ed feat: add a pause function to dashboard
06a6c0fe3 refactor: fix deadcode elimination with godbus
2dce8f8d4 refactor: replace containerd/containerd/v2 module for proper DCE
9b11d8608 chore: rekres to configure slack notify workflow for CI failures
5ce6a660f docs: augment the pod security docs
ada51ff69 fix: unmarshal encryption STATE from META
b9e9b2e07 docs: add what is new notes for 1.11
53055bdf4 docs: fix typo in kubevirt page
8d12db480 fix: one more attempt to fix volume mount race on restart
34d37a268 chore: rekres to use correct slack channel for slack-notify
326a00538 feat: implement talos.config.early command line arg
a5f3000f2 feat: implement encryption locking to STATE
c1e65a342 docs: remove talos API flags from mgmt commands
181d0bbf5 feat: bootedentry resource
7ad439ac3 fix: enforce minimum size on user volumes if not set explicitly
50e37aefd fix: live reload of TLS client config for discovery client
87efd75ef feat: update containerd to 2.1.4
724b9de6d feat: add F71808E watchdog driver
8af96f7af docs: add ETCD downgrade documentation
44edd205d docs: add remark about 'exclude-from-external-load-balancers' label
727101926 fix(ci): use a random suffix for ami names
d621ce372 fix: grype scan
d62e255c2 fix: issues with reading GPT
5d0883e14 feat: update PCI DB module to v0.3.2
3751c8ccf test: wait for service account test job longer
a592eb9f9 feat: update Linux to 6.12.40
4c40e6d3f feat: update etcd to 3.6.4
2bc37bd2c docs: fix error in kernel module guide
bfc57fb86 chore: tag aws snapshots created via ci with the image name
06ef7108a fix: issue with volume remount on service restart
03efbff18 docs: add SBOM documentation
af8a2869d fix: do not download artifacts for cron Grype scan
5f442159b feat: unify disk encryption configuration
38e176e59 chore(ci): fix datasource versioning
85d6b9198 feat: update etcd to v3.5.22
dd7bd2dab docs: rewrite the getting started and prod docs for v1.10 and v1.11
136a899aa chore: regenerate release step with signing fixes
450b30d5a chore(ci): add more nvidia test matrix
451c2c4c3 test: add talosctl:latest to the image cache

Changes since v1.12.0-alpha.1

66 commits

fed948b8a release(v1.12.0-alpha.2): prepare release
fb4bfe851 chore: fix LVM test
f4ee0d112 chore: disable VIP operator test
288f63872 feat: bump deps
b66482c52 feat: allow disabling injection of extra cmdline in cluster create
704b5f99e feat: update Kubernetes to 1.35.0-alpha.2
1dffa5d99 feat: implement virtual IP operator config
43b1d7537 fix: validate provisioner when destroying local clusters
b494c54c8 fix: talos import on non-linux
61e95cb4b feat: support bootloader option for ISO
d11072726 fix: provide offset for partitions in discovered volumes
39eeae963 feat: update dependencies
9890a9a31 test: fix OOM test
c0772b8ed feat: add airgapped mode to QEMU backed talos
ac60a9e27 fix: update test for PCI driver rebind/IOMMU
6c98f4cdb feat: implement new DHCP network configuration
da92a756d fix: drop 'ro' falg from defaults
28fd2390c fix: imager build on arm64
4e12df8c5 test: integration test for OOM controller
7e498faba feat: use image signer
eccb21dd3 feat: add presets to the 'cluster create qemu' command
ec0a813fa feat: unify cmdline handling GRUB/systemd-boot
37e4c40c6 fix: skip module signature tests on docker provisioner only
8124efb42 fix: cache e2e
4adcda0f5 fix: reserve the apid and trustd ports from the ephemeral port range
ced57b047 feat: support optionally disabling module sig verification
1e5c4ed64 fix: build talosctl image cache-serve non-linux
dbdd2b237 feat: add static registry to talosctl
77d8cc7c5 chore: push latest tag only on main
59d9b1c75 feat: update dependencies
bf6ad5171 feat: add back install script
da451c5ba chore: drop documentation except for fresh reference
2f23fedeb fix: file leak in reading cgroups
b412ffdbc docs: update README.md for docs link
8dc51bae7 feat: add drm_gpuvm and drm_gpusvm_helper modules
4ca58aeb8 fix: make Akamai platform usable
061f8e76f feat: bump pkgs
a9fa852da feat: update uefi image to talos linux logo
04753ba69 feat: update go to 1.25.2
9a42b05bd feat: implement link aliasing
d732bd0be chore(ci): run only nvidia tests for NVIDIA workflows
8d1468209 fix: stop populating apiserver cert SANs
02473244c fix: wait for mount status to be proper mode
825622d90 fix: resource proto definitions
2c6003e79 docs: add Project Calico installation in two mode
4fb4c8678 feat: add disk.EnableUUID to generated ova
33fb48f8f fix: add dashboard spinner
053fd0bd4 feat: update Linux to 6.17
34e107e1b docs: fix broken link
dfbece56b docs: update the kubespan docs
8b041a72c docs: update scaleway.md
435dcbf82 fix: provide nocloud metadata with missing network config
ec3bd878f refactor: remove the go-blockdevice v1 completely
33544bde9 fix: minor improvements to fs
fd2eebf7f feat: create merge patch from diff of two machine configs
eadbdda94 fix: uefi boot order setting
cd9fb2743 fix: support secure HTTP proxy with gRPC dial
adf87b4b9 feat: update Flannel to v0.27.4
5dfb7e1fe feat: serve etcd image from registry.k8s.io
5ca841804 fix: nftables flaky test
a940e45a7 feat: generate list of images required to build talos
3472d6e79 fix: revert "chore: use new mount/v3 package in efivarfs"
42c0bdbf3 feat: add provisioner flag to images default command
6bc0b1bcf feat: drop and lock deprecated features
362a8e63b fix: change the compression format
6e58f58aa fix: mkdir artifacts path

Changes from siderolabs/crypto

2 commits

siderolabs/crypto@4154a77 feat: implement dynamic certificate reloader
siderolabs/crypto@dae07fa chore: update to Go 1.25

Changes from siderolabs/go-api-signature

2 commits

siderolabs/go-api-signature@184f94d chore: rekres and bump go to 1.25.2
siderolabs/go-api-signature@68478e2 fix: return invalid signature error when a signature is required

Changes from siderolabs/go-debug

2 commits

siderolabs/go-debug@d51e25a chore: rekres, bump deps and go
siderolabs/go-debug@e21721b chore: add support for Go 1.25

Changes from siderolabs/go-kubernetes

1 commit

siderolabs/go-kubernetes@8454fe9 feat: add upgrade path for 1.35

Changes from siderolabs/go-loadbalancer

1 commit

siderolabs/go-loadbalancer@5e7a8b2 feat: add jitter and initial health check wait support to upstreams

Changes from siderolabs/pkgs

47 commits

siderolabs/pkgs@da97c36 feat: update linux-firmware
siderolabs/pkgs@6d58d7f feat: bump deps
siderolabs/pkgs@b535af8 feat: update dependencies
siderolabs/pkgs@a098092 feat: update Linux to 6.17.3, tt-kmd to 2.4.1
siderolabs/pkgs@661e578 feat: add xe extension
siderolabs/pkgs@8ddac2d feat: bump go
siderolabs/pkgs@332303e fix: rollback libseccomp version
siderolabs/pkgs@f62ebca chore: update dependencies
siderolabs/pkgs@56f8ae3 feat: update Linux to 6.17.1, NVIDIA LTS to 580.95.05
siderolabs/pkgs@20b1849 fix: revert "feat" support adding extra trusted certificates in the kernel"
siderolabs/pkgs@1e3d375 feat: bump go
siderolabs/pkgs@ddfd7af feat: bump dependencies
siderolabs/pkgs@4dc7709 feat: update runc to 1.3.2
siderolabs/pkgs@61d8b44 chore: fix renovate config for urcu & hailort
siderolabs/pkgs@5bda512 feat: upgrade Linux to 6.17
siderolabs/pkgs@202a8e6 feat: update Linux to 6.16.9
siderolabs/pkgs@3a0900f feat: enable SRv6 LWTUNNEL and BPF support
siderolabs/pkgs@628efc8 chore: update linuxfirmware and rekres
siderolabs/pkgs@9d1fb02 feat: support adding extra trusted certificates in the kernel
siderolabs/pkgs@7fe686d fix: build nftables with embedded gmp
siderolabs/pkgs@fede0a7 feat: add nft binary
siderolabs/pkgs@0dae01a feat: update NVIDIA to 580.82.07
siderolabs/pkgs@9ac2392 feat: enable Kernel config options for IPVS Maglev hashing scheduler support
siderolabs/pkgs@3c5315c feat: update dependencies
siderolabs/pkgs@122fa66 feat: update Linux to 6.16.6
siderolabs/pkgs@ab1e866 feat: update Go to 1.25.1
siderolabs/pkgs@7d6ef1b feat: update runc to 1.3.1
siderolabs/pkgs@e067c20 feat: enable USB audio support
siderolabs/pkgs@c4faa38 feat: bump dependencies
siderolabs/pkgs@453cdfc feat: enable ublk support
siderolabs/pkgs@9824684 fix: enable memcg v1
siderolabs/pkgs@2447e11 feat: update Linux to 6.16, GCC to 15
siderolabs/pkgs@2cfb920 feat: update Linux to 6.15.11, update tools, rekres
siderolabs/pkgs@ab4e975 feat: update Linux to 6.12.43
siderolabs/pkgs@cd67e36 chore: update kernel config to support max SMP CPUs
siderolabs/pkgs@e3b2094 fix: fix build for new NVIDIA drivers
siderolabs/pkgs@fd5fdfd feat: update Nvidia LTS to 580.65.06 and production to 570.172.08
siderolabs/pkgs@0edf426 fix: backport CVE kernel patches to 6.12
siderolabs/pkgs@26d8fef feat: enable Infiniband IRDMA support
siderolabs/pkgs@16b5fac fix: re-enable CPUSETS_V1 cgroups controller
siderolabs/pkgs@fd53886 feat: update backportable dependencies
siderolabs/pkgs@d5f7467 feat: update Go to 1.24.6
siderolabs/pkgs@0bd019f feat: update containerd to 2.1.4
siderolabs/pkgs@0ba8b5b feat: enable F71808E watchdog driver
siderolabs/pkgs@895a86b fix: enable ISCSI IBFT
siderolabs/pkgs@a76a67c feat: update Linux to 6.12.40
siderolabs/pkgs@8b0a561 feat: enable bootloader control on amd64

Changes from siderolabs/tools

17 commits

siderolabs/tools@a08cc1f feat: update git to 2.51.1
siderolabs/tools@e62d613 feat: bump go
siderolabs/tools@916b464 fix: add pkgconf for ncurses, fix Renovate configs, bump deps
siderolabs/tools@11f0337 feat: update Go
siderolabs/tools@2c56d7a feat: update OpenSSL to 3.5.4
siderolabs/tools@8f27cfa feat: update dependencies
siderolabs/tools@1c1420e feat: add tinfo to ncurses
siderolabs/tools@7c7328b fix: set regex in renovate config directly
siderolabs/tools@3ab353b fix: modify renovate regex on ca_certificates
siderolabs/tools@4f90801 chore: update openssl, curl, libexpat and rekres
siderolabs/tools@c37ac80 feat: update Go to 1.25.1
siderolabs/tools@7c659e9 feat: update to GCC 15
siderolabs/tools@83fd7b7 feat: migrate from pkg-config to pkgconf
siderolabs/tools@edafd5f feat: update toolchain for new Go and Linux headers
siderolabs/tools@65789c7 chore: drop unused vars from Pkgfile
siderolabs/tools@52db66e chore: drop protobuf-related stuff from tools
siderolabs/tools@e3c3ef2 feat: update Go to 1.24.6

Dependency Changes

cloud.google.com/go/compute/metadata v0.7.0 -> v0.9.0
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.1 -> v1.19.1
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1 -> v1.13.0
github.com/aws/aws-sdk-go-v2/config v1.29.17 -> v1.31.13
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.32 -> v1.18.10
github.com/aws/aws-sdk-go-v2/service/kms v1.41.2 -> v1.46.0
github.com/aws/smithy-go v1.22.4 -> v1.23.1
github.com/beevik/ntp v1.4.3 -> v1.5.0
github.com/containernetworking/plugins v1.7.1 -> v1.8.0
github.com/cosi-project/runtime v1.10.7 -> v1.11.0
github.com/docker/cli v28.3.3 -> v28.5.1
github.com/docker/docker v28.3.3 -> v28.5.1
github.com/docker/go-connections v0.5.0 -> v0.6.0
github.com/equinix-ms/go-vmw-guestrpc v0.1.1 -> v1.0.0
github.com/florianl/go-tc v0.4.5 -> v0.4.7
github.com/foxboron/go-uefi a3183a1bfc84 -> d29549a44f29
github.com/gdamore/tcell/v2 v2.8.1 -> v2.9.0
github.com/google/cel-go v0.26.0 -> v0.26.1
github.com/google/go-tpm v0.9.5 -> v0.9.6
github.com/gopacket/gopacket v1.3.1 -> v1.4.0
github.com/hetznercloud/hcloud-go/v2 v2.22.0 -> v2.28.0
github.com/insomniacslk/dhcp 8abf58130905 -> 175e84fbb167
github.com/mdlayher/netlink fbb4dce95f42 -> v1.8.0
github.com/miekg/dns v1.1.67 -> v1.1.68
github.com/rivo/tview a4a78f1e05cb -> v0.42.0
github.com/safchain/ethtool v0.6.1 -> v0.6.2
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.34 -> v1.0.0-beta.35
github.com/siderolabs/crypto v0.6.3 -> v0.6.4
github.com/siderolabs/go-api-signature v0.3.7 -> v0.3.9
github.com/siderolabs/go-debug v0.5.0 -> v0.6.1
github.com/siderolabs/go-kubernetes v0.2.26 -> v0.2.27
github.com/siderolabs/go-loadbalancer v0.4.0 -> v0.5.0
github.com/siderolabs/pkgs v1.11.0-15-g2ac857a -> v1.12.0-alpha.0-45-gda97c36
github.com/siderolabs/talos/pkg/machinery v1.11.0 -> v1.12.0-alpha.2
github.com/siderolabs/tools v1.11.0-2-g8556c73 -> v1.12.0-alpha.0-16-ga08cc1f
github.com/spf13/cobra v1.9.1 -> v1.10.1
github.com/spf13/pflag v1.0.7 -> v1.0.10
github.com/stretchr/testify v1.10.0 -> v1.11.1
github.com/u-root/u-root v0.14.0 -> v0.15.0
go.etcd.io/etcd/api/v3 v3.6.4 -> v3.6.5
go.etcd.io/etcd/client/pkg/v3 v3.6.4 -> v3.6.5
go.etcd.io/etcd/client/v3 v3.6.4 -> v3.6.5
go.etcd.io/etcd/etcdutl/v3 v3.6.4 -> v3.6.5
golang.org/x/net v0.42.0 -> v0.46.0
golang.org/x/oauth2 v0.30.0 -> v0.32.0
golang.org/x/sync v0.16.0 -> v0.17.0
golang.org/x/sys v0.34.0 -> v0.37.0
golang.org/x/term v0.33.0 -> v0.36.0
golang.org/x/text v0.27.0 -> v0.30.0
golang.org/x/time v0.12.0 -> v0.14.0
google.golang.org/grpc v1.73.0 -> v1.76.0
google.golang.org/protobuf v1.36.6 -> v1.36.10
gopkg.in/typ.v4 v4.4.0 new
k8s.io/api v0.34.0 -> v0.35.0-alpha.2
k8s.io/apiextensions-apiserver v0.34.0 -> v0.35.0-alpha.2
k8s.io/apimachinery v0.34.0 -> v0.35.0-alpha.2
k8s.io/apiserver v0.34.0 -> v0.35.0-alpha.2
k8s.io/client-go v0.34.0 -> v0.35.0-alpha.2
k8s.io/component-base v0.34.0 -> v0.35.0-alpha.2
k8s.io/cri-api v0.34.0 -> v0.35.0-alpha.2
k8s.io/kube-scheduler v0.34.0 -> v0.35.0-alpha.2
k8s.io/kubectl v0.34.0 -> v0.35.0-alpha.2
k8s.io/kubelet v0.34.0 -> v0.35.0-alpha.2
k8s.io/pod-security-admission v0.34.0 -> v0.35.0-alpha.2
k8s.io/utils 4c0f3b243397 -> bc988d571ff4

Previous release can be found at v1.11.0

Images

ghcr.io/siderolabs/flannel:v0.27.4
registry.k8s.io/coredns/coredns:v1.13.0
registry.k8s.io/etcd:v3.6.5
registry.k8s.io/kube-apiserver:v1.35.0-alpha.2
registry.k8s.io/kube-controller-manager:v1.35.0-alpha.2
registry.k8s.io/kube-scheduler:v1.35.0-alpha.2
registry.k8s.io/kube-proxy:v1.35.0-alpha.2
ghcr.io/siderolabs/kubelet:v1.35.0-alpha.2
ghcr.io/siderolabs/installer:v1.12.0-alpha.2
registry.k8s.io/pause:3.10