Update siderolabs/talos to v1.10.2

[renovate]

This PR contains the following updates:

Package	Update	Change
siderolabs/talos	minor	1.9.4 -> 1.10.2

---

Release Notes

siderolabs/talos (siderolabs/talos)

v1.10.2

Compare Source

Talos 1.10.2 (2025-05-16)

Welcome to the v1.10.2 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.12.27

Talos is built with Go 1.24.3.

Contributors

• Andrey Smirnov
• Noel Georgi
• Andrew Longwill

Changes

12 commits

• @​1cf5914 release(v1.10.2): prepare release
• @​44083c6 feat: update Linux to 6.12.27
• @​78df89b fix: disable automatic MAC assignment to bridge interfaces
• @​a5de48b fix: selinux detection
• @​92dcddd fix: consistently apply dynamic grpc proxy dialer
• @​b8f1bde chore: rotate aws iam credentials
• @​e6b33e2 chore: update sops keys
• @​b7e5741 test: fix the process runner log collection
• @​9e71cc8 fix: upgrade go-kubernetes for DRA flag bug
• @​5588560 test: fix some flaky tests
• @​b183f95 fix: k8s 1.32->1.33 upgrade check
• @​4b27faf fix: improve volume mounter automaton

Changes from siderolabs/go-kubernetes

2 commits

• siderolabs/go-kubernetes@9070be4 fix: remove DynamicResourceAllocation feature gate
• siderolabs/go-kubernetes@8cb588b fix: k8s 1.32->1.33 upgrade check

Changes from siderolabs/pkgs

4 commits

• siderolabs/pkgs@b425b44 feat: update NVIDIA drivers
• siderolabs/pkgs@88034a5 feat: update ZFS to 2.3.2
• siderolabs/pkgs@87ce8f7 feat: update Linux to 6.12.27
• siderolabs/pkgs@c0af3b8 feat: update Go to 1.24.3

Changes from siderolabs/tools

1 commit

• siderolabs/tools@fa51331 feat: update Go to 1.24.3

Dependency Changes

• github.com/siderolabs/go-kubernetes v0.2.21 -> v0.2.23
• github.com/siderolabs/pkgs v1.10.0-8-g13e9f09 -> v1.10.0-12-gb425b44
• github.com/siderolabs/talos/pkg/machinery v1.10.1 -> v1.10.2
• github.com/siderolabs/tools v1.10.0-1-g67d3f5a -> v1.10.0-2-gfa51331

Previous release can be found at v1.10.1

Images

ghcr.io/siderolabs/flannel:v0.26.7
registry.k8s.io/coredns/coredns:v1.12.1
gcr.io/etcd-development/etcd:v3.5.21
registry.k8s.io/kube-apiserver:v1.33.0
registry.k8s.io/kube-controller-manager:v1.33.0
registry.k8s.io/kube-scheduler:v1.33.0
registry.k8s.io/kube-proxy:v1.33.0
ghcr.io/siderolabs/kubelet:v1.33.0
ghcr.io/siderolabs/installer:v1.10.2
registry.k8s.io/pause:3.10

v1.10.1

Compare Source

Talos 1.10.1 (2025-05-07)

Welcome to the v1.10.1 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Contributors

• Andrey Smirnov
• Noel Georgi

Changes

16 commits

• @​52269e8 release(v1.10.1): prepare release
• @​5c4f5a1 fix: multiple logic issues in platform network config controller
• @​c881e6a fix: deny apply config requests without v1alpha1 in "normal" mode
• @​5c64e7c fix: interactive installer config gen
• @​46c30f3 fix: generate iso greater than 4 gig
• @​33401be fix: skip PCR extension if TPM1.2 is found
• @​77078ff fix: containerd crashing with sigsegv
• @​3956144 fix: ignore http proxy on grpc socket dial
• @​eb6d98b fix: suppress duplicate platform config updates
• @​6a438ec fix: do correct backoff for nocloud reconcile
• @​9d64f31 fix: drop libseccomp from rootfs
• @​29b2077 fix(ci): provision tests
• @​52afece fix(ci): bios provision test
• @​208503c test: update hydrophone to 0.7.0
• @​649d0f8 chore(ci): add extensions test for Youki runtime
• @​e37573e fix: relax etcd APIs RBAC requirements

Changes from siderolabs/pkgs

3 commits

• siderolabs/pkgs@13e9f09 fix: build containerd with Go 1.23
• siderolabs/pkgs@bdee168 fix: containerd build doesn't need seccomp
• siderolabs/pkgs@61c59a4 fix: downgrade libseccomp to 2.5.5

Changes from siderolabs/tools

1 commit

• siderolabs/tools@67d3f5a chore: update toolchain to the latest version

Dependency Changes

• github.com/siderolabs/pkgs v1.10.0-5-g48dba3e -> v1.10.0-8-g13e9f09
• github.com/siderolabs/talos/pkg/machinery v1.10.0 -> v1.10.1
• github.com/siderolabs/tools v1.10.0 -> v1.10.0-1-g67d3f5a
• sigs.k8s.io/hydrophone b92baf7 -> v0.7.0

Previous release can be found at v1.10.0

Images

ghcr.io/siderolabs/flannel:v0.26.7
registry.k8s.io/coredns/coredns:v1.12.1
gcr.io/etcd-development/etcd:v3.5.21
registry.k8s.io/kube-apiserver:v1.33.0
registry.k8s.io/kube-controller-manager:v1.33.0
registry.k8s.io/kube-scheduler:v1.33.0
registry.k8s.io/kube-proxy:v1.33.0
ghcr.io/siderolabs/kubelet:v1.33.0
ghcr.io/siderolabs/installer:v1.10.1
registry.k8s.io/pause:3.10

v1.10.0

Compare Source

Welcome to the v1.10.0-alpha.3 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

auditd

Kernel parameter talos.auditd.disabled=1 can be used to disable Talos built-in auditd service.

cgroups v1

Talos Linux no longer supports cgroupsv1 when running in non-container mode.
The kernel argument talos.unified_cgroup_hierarchy is now ignored.

Disk Image

Talos starting with 1.10 will have disk images that will use GRUB only for legacy BIOS and systemd-boot for modern UEFI systems.
On first boot Talos determines the boot method and will wipe the unused bootloader.

Secureboot disk-images will be sd-boot only.

For ARM64 imager will still generate GRUB bootloader for Talos < 1.10 and for Talos >= 1.10 all ARM64 boot assets will use systemd-boot.

Imager supports overwriting bootloader when generating a disk image via the Imager profile output option.

Eg:

output:
  kind: image
  imageOptions:
    bootloader: sd-boot # supported options are sd-boot, grub, dual-boot

Driver Rebind

Talos 1.10 now supports a new machine config document named PCIDriverRebindConfig that allows rebinding the driver of a PCI device to a different target driver.
See the documentation for more information.

Ethernet

Talos now provides ethtool-style Ethernet low-level configuration via network/EthernetConfig documents.
Current status of the interface can be read by talosctl get ethernetstatus.

Machine Install Extensions

.machine.install.extensions will have no effect starting from Talos 1.10, the machine config document field is still kept so upgrades from older versions are possible.
Use Boot Assets instead.

Extra Kernel Args

Talos 1.10 on fresh install on UEFI systems will now use systemd-boot and UKIs (Unified Kernel Images)[https://uapi-group.org/specifications/specs/unified_kernel_image/].
This means the kernel command line arguments are part of the UKI and cannot be modified without an upgrade to a new UKI.

Upgrades to Talos 1.10 will preseve the existing bootloader (GRUB for non-secureboot) and sd-boot for Secureboot and this change will have no effect.

To build a boot asset with extra kernel arguments whether an installer or a boot image use either Image Factory or
Imager.

This means kernel arguments not part of the UKI will not be preserved across updates and a proper installer image generated via Imager Factory or Imager is required.

Ingress Firewall

Talos Ingress Firewall now filters access to Kubernetes NodePort services correctly.

iSCSI Initiator

Talos now generates /etc/iscsi/initiatorname.iscsi file based on the node identity which is tied to the lifecycle of the node.
If using iscsi-tools extension, starting with Talos 1.10 would have a more deterministic IQN for the initiator node.
Make sure to update any iSCSI targets to use the new initiator IQN.

The iqn can be read by talosctl read /etc/iscsi/initiatorname.iscsi

ISO

Talos starting with 1.10 will have ISO's that will use GRUB only for legacy BIOS and systemd-boot for modern UEFI systems.

kube-apiserver Authorization Config

When using .cluster.apiServer.authorizationConfig the user provided order for the authorizers is honoured and Node and RBAC authorizers are always added to the end if not explicitly specified.

Eg: If user provides only Webhook authorizer, the final order will be Webhook, Node, RBAC.

To provide a specific order for Node or RBAC explicitly, user can provide the authorizer in the order they want.

Eg:

cluster:
  apiServer:
    authorizationConfig:
      - type: Node
        name: Node
      - type: Webhook
        name: Webhook
        webhook:
          connectionInfo:
            type: InClusterConfig
        ...
      - type: RBAC
        name: rbac

Usage of authorization-mode CLI argument will not support this form of customization.

NVMe NQN

Talos now generates /etc/nvme/hostnqn and /etc/nvme/hostid files based on the node identity which is tied to the lifecycle of the node.

The NQN can be read by talosctl read /etc/nvme/hostnqn

Fully bootstrapped builds

Talos 1.10 is built with a toolchain based on [Stageˣ], which is a project building fully bootstrapped software.
This change increases reproducibility, auditability and security of Talos builds.

This also changes Talos root filesystem structure for unified /usr, with other directories symlinking to /usr/bin and /usr/lib.
System extensions must move their directories accordingly for 1.10.

Component Updates

• Linux: 6.12.19
• CNI plugins: 1.6.2
• runc: 1.2.6
• containerd: 2.0.4
• etcd: 3.5.20
• Flannel: 0.26.4
• Kubernetes: 1.33.0-beta.0

Talos is built with Go 1.24.1.

Contributors

• Andrey Smirnov
• Noel Georgi
• Dmitry Sharshakov
• Dmitriy Matrenichev
• Dmitrii Sharshakov
• Joakim Nohlgård
• 459below
• Enrique Hernández Bello
• Justin Garrison
• Mathspy
• Nico Berlee
• Skyler Mäntysaari
• Utku Ozdemir
• ihelmer07
• Adam Cirillo
• Alex Lubbock
• Alexis La Goutte
• Andrew Longwill
• Andrew Symington
• Artem Chernyshev
• Cazmill13
• Christian Luetke-Stetzkamp
• Christoph Hoopmann
• Dennis
• Devin Buhl
• Dominik Masur
• Ermeikin Sergei
• Florian Grignon
• Gabe Alford
• Ganawa Juanah
• Jason Benedicic
• Joakim Nohlgård
• Josef
• K Birt
• KillianCdP
• L.J. Hanson
• Louis SCHNEIDER
• Marcel Hamer
• Mikhail Petrov
• Motte
• Natalie Romana Albers
• Omar
• Orzelius
• PRIHLOP
• Ram
• Robin Elfrink
• Ryan Jacobs
• Serge Logvinov
• Shaderbug
• Stepan Rabotkin
• Thomas Gosteli
• Tim Olson
• Tine Jozelj
• Tobias Kohlbau
• TomyLobo
• Valtteri Huuskonen
• bzub
• greenpsi
• jvanthienen
• mehlc
• pphysch
• sflotat2607
• suse-coder

Changes

270 commits

• a834219ac chore: update dependencies
• 857779b90 docs: clarify custom CA certificate with KMS STATE encryption
• 39ed45ae6 docs: add information about Cilium exclusive CNI
• 087a85f40 feat: support running with SELinux enforcing
• d4aacb0d8 refactor: mount operation for STATE and user disks
• 44f3c7248 fix: kata extension
• 7ca5ab5e9 fix: shrink installer and imager images
• ea0994cfe fix: kexec with smbios type 11 string
• 8e20a5d28 fix: pass /usr/etc/in-container to apid, trustd and extension containers
• 9b9512ba8 feat: update Linux 6.12.19, containerd 2.0.4
• 433b0237b fix: correct structprotogen example
• 6e68a522a chore: fix conformance artifact name
• f592730d9 fix(ci): fix image cache test
• cc6c714ce feat: add Tegra modules to initrd
• 81d1fe0f8 fix: add missing TOOLS_PREFIX for WITH_DEBUG_SHELL builds
• 3e38bf6d4 fix: ignore missing config (nocloud) via cidata
• 27a4486a8 docs: fix typo cluser -> cluster
• ac79b1ea0 feat: pull in Intel STTMAC network drivers
• 9bb5c060c chore: bump go-kubernetes
• 2b8e08234 feat: deprecate .machine.install.extensions
• b7446372b docs: add documentation on unofficial SBC forks
• 9bec765c4 feat: talosctl kubeconfig write to stdout option
• 11ebb1078 fix: kexec when using sd-boot
• 61f1a32d2 test: allocate more resources for conformance runs
• b8b7b83f8 chore: extraKernelArgs validation for UKI's
• e2df0c6d3 docs: update siderolink.md
• f9b14e784 fix: reconnect on SideroLink tunnel on/off change
• 29f7b3bf3 test(ci): use k8s websocket executor for tests
• 9531c1c6d fix(ci): image-cache cron
• 90abdc489 feat: update Kubernetes to 1.33.0-beta.0
• 9a5914048 refactor: ephemeral mount
• e4fb1c06a docs: update for predictable interface naming
• 729fce306 feat: update Linux to 6.12.18
• b4d2e1c3c fix: typo in machinery CloudPlatforms
• 7e0475488 fix: qemu: archive cluster logs only after stopping VMs
• dab30a8b9 fix: ensure no goroutines escape in dns controller
• fce824e2f fix: change from "init6" to "inet6" in docs
• f51ebd1bc chore: fix the mount cache ids in the Dockerfile
• 4365aecbd test: use standard installer for e2e-iso
• 431178327 feat: update Kubernetes to v1.33.0-alpha.3
• 1259345e4 fix(ci): image-cache cron
• 18871a7eb chore: tidy labeled-squashfs.sh
• d45259f89 feat: update Flannel to 0.26.5
• e83ef0e2e docs: update proxmox.md
• 3def5f9a6 feat: update etcd to 3.5.19
• c3c0d2e42 test: fix dns test in race mode
• 17965c32f chore: update Go to 1.24.1
• 1fbb2d1a7 docs: update nvidia-gpu-proprietary.md
• d60972bdf chore: add installer-base to the list of signed images
• ab6cb3dfa chore: disable azure upload
• 2355218e4 release(v1.10.0-alpha.2): prepare release
• d4e3e957c fix(ci): fix integration tests
• 1849b5388 feat: update dependencies
• 88fc6bbeb test: fix UKI preserving talos.config and image cache
• ba8cd304d test: enable image-cache in the cron
• 28b5dc738 test: fix reproduciblity test
• 50998038b feat: prefer sd-boot for UEFI
• e831e52e0 feat: add support for qla2xx
• ec5c049a5 feat: update Kubernetes to 1.33.0-alpha.2
• ebfa82f35 docs: update deprecated command
• d79059a2c chore: fix shutdown typo in shutdown sequence
• a3f88d2ef fix: block NodePort services with ingress firewall
• fd8131cb8 feat: generate unified installer
• ebfdb91b4 fix: handle dynamic HTTP proxy settings for discovery client
• d45eaeb74 fix: correctly map link names/aliases when using VIP operator
• 7c4e47c0c chore: stop doing generate on each build
• b1d410cb6 feat: dual boot disk image
• 468e318ba fix: multiple fixes for dashboard/no data
• 3dd8d9aed docs: update resetting-a-machine.md to include example of reset
• 7af8f6b2f feat: validate docker image references in upgrade options
• c949f55e6 docs: remove typo on resetting a machine page
• f5c097041 feat: add description to schema object defs
• 79ee304e1 chore: update enumer to a version that fixes Go 1.24 compatibility
• 46d67fe44 chore: update Go to 1.24, update pkgs
• 7f1dd2669 fix(ci): fix integration-misc crons
• 26a773d3f docs: add a note about syslog sending messages to services
• 7ce053638 fix: ignore digest part of images when checking version
• ae1b00354 feat: support noclooud instance-id from dmi
• 58661dea7 docs: update getting-started.md
• 94cf9fb84 chore: fix spurious generate failures
• 32a34791e fix: typo in Makefile target talosctl-freebsd-arm64
• 1b4464c8a feat: update Kubernetes to 1.32.2
• 9463ac23e fix: make ingress firewall filter traffic to nodeports
• 8531d91a1 fix: blockdevice transport detection
• ce616d93a fix: path for ca-certificates
• f35b58779 fix: fix diff printing
• bf0f910a1 chore: provide more logging for dns requests
• 607998ba2 feat: support uki profiles via imager
• 711cf2d99 fix: ignore errors to stop pods
• 142d75483 fix: handle empty registry config
• 47f377b21 feat: implement the last ethtool feature - channels
• 88cf69b8c feat: multi profile UKIs
• 557faad75 feat: update Linux to 6.12.13
• 5dbf9e350 refactor: implement volume mount controller
• aa11e9abb fix: make image cache volume management less strict
• 26a62e342 docs: fix typo in Wireguard docs
• 0419f5d8b feat: implement features in ethtool-like support
• cd66fc6e8 feat: use bootstrapped packages for building Talos
• 2b5bd5d1d chore: upgrade siderolabs/go-loadbalancer
• 15191aa3e fix: extract cmdline multi profile UKIs
• 716f700da feat: provide initial support for ethtool configuration
• b726e2f9f feat: update Flannel to 0.26.4
• 98d56d4d6 chore: track opened grpc connections
• 5e28c8e03 fix: image cache volume provisioning
• c9667813d chore: remove containerd importer
• 270ffb69a fix: duplicate qemu drive ids
• 71ec41be1 fix: build of Talos on non-Linux host
• e2aa7c98c fix: installer with SecureBoot should contain UKIs
• 6e22c06c3 release(v1.10.0-alpha.1): prepare release
• 3a2d9867b fix: do not close client.Client.conn with finalizer
• 73f30ff25 feat: bump pkgs for udev update
• aea90cb8f docs: update hyper-v
• b7165615f fix: use local NTP for AWS platform
• 673ca4bcb fix: ensure proper closure of client.Client.conn with finalizer
• 19040ffd6 fix: handle of PE sections with duplicate names
• 83489d348 docs: add note about vmxnet and flannel conflict
• f1292f5e7 docs: add iscsi-tools extension to prerequisites
• 93b4a3740 test: bump timeout on rotate CA test
• 42e166984 feat: support kexec from uki
• 8da264946 docs: add Orange Pi 5 to Image Factory platforms and documentation
• c5fb62e2e feat: update Linux to 6.2.11
• 83d007c16 feat: update etcd to 3.5.18
• edf7c3288 fix: pe uki extract
• 70f72c5b0 docs: update multus.md
• 807a3cd29 refactor: all network merge controllers
• ec8c4660e docs: update vmware.md
• baf81cd49 fix(ci): k8s integration suite wait for resource
• cd5e54903 feat: generate iso's with both UKI and grub
• 75673b6a3 feat: provide stable symlinks in disk resources
• f407c88e4 fix(ci): wait for longhorn node resource
• 601cdccb9 feat: extract kernel/initrd from uki for grub
• ff175b9fb docs: update disk-encryption.md
• a8d84e315 docs: fix typos and add more explanations in docs
• 3a384240e fix: invalid date field in iqn/nqn
• 82c9ec158 chore(ci): add tests with longhorn v2 engine
• 689ea1dbf fix: bring back disk UUID
• 7a712fad2 fix: disks with 4k sector size and systemd-boot
• d62a34aaf feat: update tools/pkgs/extras
• b9a8ad6ac chore: de-hardcode list of extra images for image-cache test
• 683153a33 docs: remove the last mentions of preserve flag for Talos 1.8+
• 33c7f4195 docs: fix typo an MacOS to on MacOS
• 21cff3919 chore(ci): fio benchmark results as separate artifacts
• 0b7fc7cdf fix: abort node watch on hostname change
• 99ba53941 docs: remove the mention of preserve flag for Talos 1.8+
• bde516fde chore(ci): rework iscsi-tools extensions test
• e1efbf656 refactor: extract platform metadata into Talos machinery
• 79987c05d feat: generate iqn and nqn files
• 0cab6ed17 docs: update troubleshooting.md
• 921e10254 chore: update Go to 1.23.5
• 399d53b54 fix: ignore forbidden error when waiting for pod eviction
• 8dea57a81 fix: make etc binds read-only
• 63157dcb4 docs: update SideroLinkConfig example
• fc7080e34 chore: clear cache after updating upstreams
• 51e0f273f docs: update documentation for Talos 1.9.2
• e06b14112 feat: update Kubernetes to 1.32.1
• 4310b290d fix: generate UKI only if actually needed
• a8cd99102 docs: update OpenEBS Mayastor installation
• cf45f4764 docs: add Radxa ROCK 5B docs to Single Board Computer section
• b21bdc5e5 chore(ci): save csi tests fio results
• 01c86832c chore(ci): add test for OpenEBS MayaStor
• c77483510 test: update talosctl debug air-gapped
• ddd695d93 feat: update containerd to 2.0.2
• da2e81120 fix: add informer resync period for node status watcher
• 9b957df64 chore: uki code restructure
• e41a99525 fix: kube-apiserver authorizers order
• db4ca5668 feat: add a kernel parameter to disable built-in auditd
• faa149003 feat: update Linux to 6.12.9
• 8de19758d fix: a couple of imager panics/crashes
• 5bc3e34cb fix: detect GPT before ZFS
• ed7e47d15 refactor: drop usage of objcopy to generate UKIs
• edf5c5e29 fix: extfs repair and resize
• 6e32ea5b7 fix: merge of VolumeConfig documents with sizes
• 1be5f8ff2 feat: update Linux to 6.12.8
• e6a4583ba feat: support generating unsigned UKIs
• bbd6067d4 fix: partition alignment on disks with 4k sectors
• 84fcc976f fix: yet another dashboard panic
• 6d605fc85 fix: disable NRI plugin in a different way
• 499695e24 fix: request previous IP address in discovery
• cc84caf8c docs: update Cilium documentation
• fa5300d91 chore: revert: drop deprecated allowSchedulingOnMasters
• 0abb3dabf docs: fix command to wait for ceph-rook HEALTH_OK
• 32c67c27c chore: drop deprecated allowSchedulingOnMasters
• ae6d065be fix: mount selinuxfs only when SELinux is enabled
• 5ccbf4bcd feat: enable configfs
• 59582496d feat: bring in partity with sd-257
• 83d84a831 chore(ci): better zfs checks
• 650eb3a4f refactor: rewrite cloud uploader to use AWS SDK Go v2
• 01bf8449b fix: update field name for bus path disk selector
• e915c98d5 fix: exclude disks with empty transport for disk selector
• b7a7fdc4b refactor: generate /etc/os-release file static way
• e79c9e127 chore(ci): drop equinix metal e2e-test
• 418945444 fix: build of talosctl on non-Linux platforms
• 4761a9e6a chore: update dependencies
• f98efb333 fix: ignore member not found error on leave cluster
• b72bda0a4 fix: talosctl support and race tests
• 27233cf0f test: use node informer instead of raw watch
• 5dc15e8db fix: update go-blockdevice to v2.0.9
• 5f3acd0f2 fix: use correct default search domain
• 7e5d36d46 fix: pci driver rebind config validation
• 4b97bbc3f fix: pull in containerd CNI deadlock fix
• 066480722 test: fix apparmor tests
• 82ea44a6b fix: reduce installer image
• 78b3e7f4f fix: get next rule number for IPv6 in the appropriate chain
• 675854aa0 docs: fix two typos
• f70b7386a test: add a xfs makefs test
• 8212e4864 refactor: use quirks in kernel args
• b4aa5189d release(v1.10.0-alpha.0): prepare release
• bd85bd5b7 fix: fix Failed to initialize SELinux labeling handle udev error
• 73c82e3e5 feat: bring Linux 6.12.6, CNI plugins 1.6.1
• c12b52491 docs: document Kubernetes service registry incompat with K8s 1.32
• a5660ed77 feat: pcirebind controller
• 4c3261626 docs: fix several typos
• fb3675321 fix: dashboard crash on CPU data
• dec0185c8 chore: reduce memory usage for secureboot functions
• cee6c60a0 fix: make talosctl time work with PTP time sync
• f75604313 chore: support gcr.io auth for cache and image gen
• 6ef2596da docs: improve Hetzner documentation
• 7d39b9ec2 feat: remove cgroupsv1 in non-container mode
• 8003536c7 fix: restore previous disk serial fetching
• 03116ef9b chore: prepare for Talos 1.10
• 00682fdd6 docs: activate 1.9 docs as default
• bea05f5c9 docs: update deploying-cilium.md
• 284ab1179 feat: support link altnames/aliases
• 5bfd829bf docs: fix 'containter' typo
• 8d151b771 docs: clarify TALOSCONFIG for AWS
• 0ef19171f fix: renovate typo
• c568adc7d fix: renovate config
• ec2e24fd9 fix: match MAC addresses case-insensitive (nocloud)
• 41a0c440a chore: rekres for renovate changes
• a49bb9ee4 feat: update Linux to 6.12.5
• b15917ecc chore: add more debugging logs for META and volumes
• 2b1b326f0 docs: mention different paths for OpenEBS
• 9470e842f test: cleanup failed Kubernetes pods
• c9c685150 fix: node identity flip
• 590c01657 feat: update containerd to v2.0.1
• 18fa5a258 docs: update image-cache doc for iso
• ab5bb6884 fix: generate and serve registries with port
• 58236066d fix: support image cache on VFAT USB stick
• e193a5071 fix: image cache integration test
• 08ee400fd test: fix flaky test NodeAddressSort
• d45e8d1d1 feat: update Kubernetes to 1.32.0
• 136b12912 chore: drop semicolon for supporting vfat filesystems
• 3e9e027ef test: add an option to boot from an USB stick
• ef8c3e3b3 docs: fix typo in multus.md
• d54414add fix: authorization config gen
• cce72cfe8 docs: replace deprecated Hetzner server plans
• 81805103d chore: enable proper parallel usage of TestDepth
• e1b824eba docs: update ceph-with-rook.md
• 470b75563 fix: use mtu network option for podman
• 61b1489a0 fix: order volume config by the requested size
• bc3039acd feat: update runc to 1.2.3
• 30016a0a8 fix: avoid nil-pointer-panic in RegistriesConfigController
• fe0457152 fix: power on the machine on reboot request in qemu power api
• 10da553ef docs: build what's new for 1.9
• d946ccae3 feat: update Linux to 6.12.4
• 707a77bf6 test: fix user namespace test, TPM2 fixes
• c3537b2f5 feat: update Linux to 6.12.3
• cb4d9d673 docs: fix a few mistakes in release notes
• c4724fc97 chore: add integration tests for image-cache
• 07220fe7f fix: install iptables-nft to the host
• 14841750b chore: add version compatibility for Talos 1.10
• 852baf819 feat: support vlan/bond in v1, vlan in v2 for nocloud
• dd61ad861 fix: lock provisioning order of user disk partitions
• d0773ff09 chore: update Go to 1.23.4
• 7d6507189 feat: implement new address sorting algorithm
• 9081506d6 feat: add process scheduling options
• 77e9db4ab test: use two workers in qemu tests by default
• 5a4bdf62a feat: update Kubernetes to 1.32.0-rc.1
• d99bcc950 chore: refactor mergeDNSServers func
• 0cde08d8b docs: add Turing RK1 docs to Single Board Computer section

Changes since v1.10.0-alpha.2

49 commits

• a834219ac chore: update dependencies
• 857779b90 docs: clarify custom CA certificate with KMS STATE encryption
• 39ed45ae6 docs: add information about Cilium exclusive CNI
• 087a85f40 feat: support running with SELinux enforcing
• d4aacb0d8 refactor: mount operation for STATE and user disks
• 44f3c7248 fix: kata extension
• 7ca5ab5e9 fix: shrink installer and imager images
• ea0994cfe fix: kexec with smbios type 11 string
• 8e20a5d28 fix: pass /usr/etc/in-container to apid, trustd and extension containers
• 9b9512ba8 feat: update Linux 6.12.19, containerd 2.0.4
• 433b0237b fix: correct structprotogen example
• 6e68a522a chore: fix conformance artifact name
• f592730d9 fix(ci): fix image cache test
• cc6c714ce feat: add Tegra modules to initrd
• 81d1fe0f8 fix: add missing TOOLS_PREFIX for WITH_DEBUG_SHELL builds
• [3e38bf6d4](https://redirect.github.com/siderolabs/talos/commit/3e38bf

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.