CrossnoKaye production jumps 10X with support of Talos Linux

CrossnoKaye previously relied on k3OS to manage its edge clusters. As k3OS approached end-of-life, CrossnoKaye sought a modern OS with a more simplistic footprint.

One of the biggest concerns was non-idempotent upgrades. k3OS made it difficult for CrossnoKaye to push updates to remote devices. The team needed an operating system that provided immediate feedback on issues and enabled easy rollbacks as necessary. A clearly defined upgrade path and centralized identity management were essential.

The team also needed a solution to laborious provisioning, as installing k3OS, configuring it, and shipping it to customer sites could take hours. Technicians often had to remotely access customer laptops through TeamViewer just to get devices online.

“My favorite outcome is when you finally provision a machine with Talos Linux, it comes up, it’s reachable, and Kubernetes has the minimum amount of stuff in it needed to run.”

Raymond Douglas, Senior Infrastructure Engineer, CrossnoKaye

CrossnoKaye was drawn to Talos Linux because of its focus on safety, resilience, and programmatic control. The minimal, unopinionated approach fit perfectly with CrossnoKaye’s deployment model and provided them with a “clean slate.” Talos Linux includes only the core Kubernetes components and allows CrossnoKaye developers to run software on both edge and cloud using nearly identical pipelines.

Talos Linux provides them with a robust keying infrastructure with no shell access and no unnecessary services. Each machine has a unique identity, including certificate chains for Talos API and Kubernetes, and a revocable WireGuard identity tied to its hardware serial number. Even if a device is lost or stolen, it cannot be tampered with, providing the team with a “hermetically sealed box.”

Talos Linux’s API-first design and network boot capabilities have fundamentally changed how CrossnoKaye manufactures and ships its devices. Each unit now boots directly from the network, retrieves a signed Talos kernel and filesystem, and pulls its unique configuration securely from an API without the need for manual intervention. Visual indicators on the enclosure signal when provisioning is complete. By combining this hands-off, declarative process with Talos’s built-in security and immutability, CrossnoKaye has fully automated device provisioning at the manufacturing site. This transformation has streamlined production, reduced complexity, and led to significant savings in both time and operational costs.

CrossnoKaye also leverages bespoke system extensions to run software below Kubernetes, tunneling all traffic to their AWS endpoints and making processes auditable and source-controlled.

Talos Linux enabled CrossnoKaye to transform their edge infrastructure and manufacturing processes. What once required a hands-on approach is now entirely automated and programmatic. Manufacturing partners can provision entire enclosures themselves, without intervention from CrossnoKaye engineers, booting bare-metal devices with Talos Linux, fetching configurations from their platform, and shipping with no human intervention. This has enabled CrossnoKaye to scale from 10s of facilities per year to hundreds.

Additionally, the platform is predictable and auditable. Each device dynamically requests its configuration using the serial number templated into the configuration request at boot, ensuring repeatable, traceable, and secure provisioning every time.

With Talos Linux, CrossnoKaye guarantees safe, reliable upgrades. They can push updates, receive immediate feedback, and roll back quickly if needed. The YAML required has gotten smaller and smaller over the years, to the point where they don’t even keep YAML around anymore, instead using Talos’s Go packages.

Operational efficiency has skyrocketed. What once required TeamViewer, manual installs, and on-site coordination now runs with fully automated delivery, from firmware to Kubernetes, and the team can now ship devices directly from the manufacturer to a customer site without ever touching them.

And they’re not done. CrossnoKaye is already looking to Talos’s TPM support to enable disk encryption across the fleet and see potential for multi-node clusters as part of their future plans. For now, they have a platform that’s not just stable but built for long-term scale. Raymond Douglas comments, “I couldn’t imagine pivoting to a different OS product right now.”