Software engineer working close to the OS, storage, and platform layers -
Kubernetes internals, immutable Linux, and Go systems programming.
- π§ I build cloud-native infrastructure and spend most of my time in Kubernetes internals and immutable operating systems.
- π§ Active contributor to Talos Linux / Omni (siderolabs) and Incus / Incus OS (lxc).
- 𧡠I like working at the boundary where the OS meets the cluster - volumes, networking, supply-chain security, and node lifecycle.
- βοΈ I write about what I learn at 0xpranav.hashnode.dev.
I contribute upstream to two production-grade infrastructure platforms, with work spanning networking, storage, supply-chain hardening, and operator tooling.
- Recurring contributor - Talos Linux & Omni (siderolabs): Comfortable navigating the Talos codebase end-to-end, from kernel packaging to controller-level config documents.
- Contributor - Incus / Incus OS (LXC): Operator-facing tooling and multi-tenant storage isolation for the immutable Incus OS.
- I drive features through real design discussion with maintainers - including cases where the team ultimately shipped a different approach, and the value was in the exploration.
| Project | Contribution | Impact |
|---|---|---|
| Talos #13374 | Declarative nftables NAT config documents | Adds SNAT, DNAT & masquerading as first-class declarative config |
| Talos #13082 | HTTP network probe support | Removes false positives from TCP probes in proxy-gated environments |
| Talos #12631 | tmpfs support for STATE & EPHEMERAL volumes | Enables running Talos on devices with no persistent storage |
| Talos #12585 | Opaque mount options for volumes | Unblocks advanced FS options like noatime / secure mounts |
| Talos #12085 | Configurable dashboard console device | Dashboard access over serial console for headless servers |
| Omni #2033 | Image digest pinning for K8s components | Hardens the supply chain against compromised registries |
| Omni #1976 | omnictl multi-directory apply |
kubectl-style ergonomics for multi-cluster config |
| Incus #3162 | Per-project storage pool restrictions | Proper multi-tenant storage isolation |
| Incus OS #1135 | API endpoint for signed recovery scripts | Run recovery without reboot or temporary mounts |
More contributions
Talos Linux
- #12504 - Kubespan as a multi-document config type (cleaner WireGuard mesh config)
- #12751 - Safer
talos upgradeby removing the image parameter to avoid node-bricking - #1384 - Built & packaged the
perfbinary for the Talos kernel - go-blockdevice #144 - LUKS2 header validation (per Trail of Bits research)
Omni
- #1986 - Cluster-validity checks in
omnictl kubeconfig - #2353 - Fixed Docker Compose startup via required SQLite storage flag
- #2062 - Grafana dashboards for new Omni metrics
- Backend refactors: #2060 Β· #2079 Β· #2083 Β· #2088 Β· #2091
Incus OS
- Design in the open, before the diff.: For infra-critical features (NAT, mount options, image pinning) I lead with the design discussion so maintainers can weigh trade-offs early.
- Document the "why," not just the "what.": Every non-trivial PR explains the operational scenario it unblocks, so reviewers and future readers understand intent easily.
I write about Kubernetes internals, immutable operating systems, and Go systems programming on my blog.
β‘οΈ 0xpranav.hashnode.dev
- πΌ LinkedIn: pranav-patil
- π Blog: 0xpranav.hashnode.dev
- π GitHub: @pranav767
- π» Twitter: pranav767