Tero Saarni is a Principal Developer with 26 years of experience building secure, high-availability Linux-based systems and cloud-native infrastructure from embedded telecom nodes to Kubernetes deployments. Based in Turku, Finland, he blends deep systems and networking expertise with hands-on security work—designing architectures, troubleshooting complex production issues, and driving certificate/secret management improvements in projects like Envoy and Contour. A three-decade Linux user and open source advocate, he has contributed notable security and TLS/SSL enhancements across widely used projects including Envoy, HashiCorp Vault, Keycloak and Gunicorn. At Ericsson he has led container and Kubernetes security efforts, focusing on certificate rotation, TLS hardening and reliable ingress behavior. Colleagues value his pragmatic craftsmanship: comfortable moving between C/C++, Python and Go, and translating low-level protocol details into production-ready solutions. An often-overlooked detail: he pairs telecom-grade scalability experience with practical DevOps improvements such as CI/test infrastructure and dependency security upgrades.
26 years of coding experience
24 years of employment as a software developer
B.Sc., Data communications, B.Sc., Data communications at Turku University of Applied Sciences
Contour is a Kubernetes ingress controller using Envoy proxy.
Role in this project:
Back-end Developer & DevOps Engineer
Contributions:5 releases, 503 reviews, 53 commits in 2 years 11 months
Contributions summary:Tero's commits primarily focused on improving the ingress route validation and certificate handling within the Contour Kubernetes ingress controller. They addressed bugs related to certificate verification and certificate rotation. The user also added a feature for client authentication and improved the bootstrap process by supporting Envoy xDS certificate rotation for deployments. Furthermore, the user made changes to enforce TLS 1.2 and 1.3, added support for overload managers, and contributed towards configurable log level for access logs, improving overall reliability and security.
Contributions:25 reviews, 4 commits, 10 PRs in 1 year 2 months
Contributions summary:Tero primarily contributed to the Envoy proxy's SDS (Secret Discovery Service) implementation, focusing on certificate and secret management. They implemented certificate hot-reloading for xDS gRPC connections and added support for hot-reloading CRL files. Additionally, the user worked on translating extension configurations for access logging and introduced the option to set signature algorithms in TLS parameters. Their work involved modifying core components and adding documentation related to these features.
nanoservicesmore-catsgolangcontainersproxy
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.