Erikson Tung

Closing this issue as the datadog helm charts `>=v2.32.5` allows users to address this issue. Please feel free to re-open if necessary.

Hi, Bottlerocket introduced [this change](https://github.com/bottlerocket-os/bottlerocket/commit/778379fd89c64c90ad2355bec04b1f62cc54e768) back in June 2022 that disallowed container runtime processes from being able to execute host binaries. This was done to better improve our security posture...

Hi @stk0vrfl0w, Can you please describe in more detail what steps you took to apply the SELinux skip relabeling fix? The description in https://github.com/bottlerocket-os/bottlerocket/issues/2656#issuecomment-1408912457 might not be super clear. Without...

Hi @runningman84, the data volume is where the data partition resides and Bottlerocket grows the data partition to fill the full size of the volume upon boot. The data partition...

Hi @otterley, ~Can you try specifying the parameters like so:~ ```toml [settings.boot.kernel-parameters] "hugepagesz" = [ "1G", "10" ] ``` ~That should help preserve the order.~ EDIT: It's not a duplicate...

Thanks for opening the issue. We'll have to take a closer look into how to go about fixing this.

Hi, the configuration specified in `settings.container-registery` gets passed to docker/containerd/kubelet's configuration for configuring registry mirrors and credentials as is. It's likely that you would need to specify creds to be...

Hi @maxtacu, in the case of using a private ECR image directly with K8s pods, `kubelet` can get the ECR credentials from the AWS cloud provider (specifically the [ECR credentials...

Thanks for reaching out! We'll take a closer look at this.

EKS optimized AMI's `sshd_config` limits the cipher suites to the following by default: ``` Ciphers aes128-ctr,aes256-ctr,[email protected],[email protected] ``` We should consider doing the same. Users can still override with the admin...