Ben Cressey

Results: 167 comments by Ben Cressey

[How do I resolve a failed health check for a load balancer in Amazon EKS?](https://repost.aws/knowledge-center/eks-resolve-failed-health-check-alb-nlb) might have some useful steps to try. Beyond that - if you comment out the...

According to https://github.com/aws-samples/containers-blog-maelstrom/issues/73 you are also using Cilium CNI which I am less familiar with in an AWS context. [Migrating Cilium from Legacy iptables Routing to Native eBPF Routing in...

Just a guess based on this error:

```
failed to apply OCI options: path "/boot" is mounted on "/boot" but it is not a shared or slave mount
```

This...

Specifically for `device_ownership_from_security_context` - my understanding from the linked blog post is that this only applies to device nodes added through the [device plugin API](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/). While allowing this option to...

[Bootstrap containers](https://bottlerocket.dev/en/os/1.17.x/concepts/bootstrap-containers/) are the supported mechanism for running scripts at startup. [stefansundin/bottlerocket-bootstrap-exec-user-data](https://github.com/stefansundin/bottlerocket-bootstrap-exec-user-data) is one example. The EBS CSI driver supports block volumes so you could potentially also model this as...

`privileged: true` currently has the effect of silently overriding any custom SELinux label. The workaround is to not set it, but to enable all capabilities, disable seccomp, etc., to gain...

@slashben these actions are currently restricted to `super_t`, which is meant to be a deliberate opt-in to system calls that can break host functionality in surprising ways. In this case...

@gthao313 what do you mean "we still use it"? We provide a symlink from `dockershim.sock` to `containerd.sock` but Bottlerocket itself doesn't depend on `dockershim.sock` functionality.

I'm working on this, and expect to have a pull request up in the next day or so.

Possibly related to https://github.com/kubernetes/kubernetes/issues/118261 which first appeared in 1.26 - if pods have duplicate fields (ports or environment variables), then they can't be updated via server-side apply and get stuck...