Container | Practical Engineering

x509: certificate signed by unknown authority? Maybe the cert pool is empty

Apr 15, 2025 · 6 min read · Linux Container SELinux Bottlerocket ·
Share on:

I recently worked on getting amazon-ssm-agent to run inside containers on Bottlerocket. During that process, I ran into a TLS issue connecting to amazonaws.com. The root cause turned out be interesting and we'll walk through it in this post. Running amazon-ssm-agent in a container: why and how? To enable sessions …

Read More
Missing Container Disk I/O Stats with cgroup v1 on Kernel 6.1

Nov 9, 2024 · 4 min read · Linux Container ·
Share on:

As the Amazon Linux 2 (AL2) approaches its End of Life on 2025-06-30, we have started migrating our container platform from AL2 to Amazon Linux 2023 (AL2023). The migration encountered a few speed bumps. In this post, we'll look at one of them: missing container disk I/O stats. Why are container I/O dashboards blank? …

Read More