I need to force the usage of Instance Metadata Service v2 for my EKS nodes in AWS. With v1, docker-image-resource is able to pull images from ECR with the instance role. With v2, docker-image-resource seems not to be able to use the instance role.
Another solution is to use IAM roles for service accounts (IRSA) in AWS. But this also does not work.
For anyone that gets to this issue in the future, I have Concourse running in Kubernetes with IMDSv2 enabled. The key was to set metadata_http_put_response_hop_limit to 3. Per the AWS doc
Error messages: IMDS v2: ...credentials not found in native keychain... IRSA: ...401 not authorized...
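An added example, not part of the thread or of any project's code: a small audit over `aws ec2 describe-instances` JSON that flags nodes which still accept IMDSv1 or whose token hop limit is below what nested containers need. The default minimum of 3 is taken from the comment above; the instance IDs and the `audit_imds` name are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-instances` output.
# Instance IDs are made up; MetadataOptions field names are the EC2 API's.
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-example-a", "MetadataOptions":
    {"HttpEndpoint": "enabled", "HttpTokens": "optional", "HttpPutResponseHopLimit": 1}},
  {"InstanceId": "i-example-b", "MetadataOptions":
    {"HttpEndpoint": "enabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 1}},
  {"InstanceId": "i-example-c", "MetadataOptions":
    {"HttpEndpoint": "enabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 3}},
  {"InstanceId": "i-example-d", "MetadataOptions":
    {"HttpEndpoint": "disabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 3}}
]}]}
""")


def audit_imds(describe_output, min_hop_limit=3):
    """Return {instance_id: [finding codes]} for instances with IMDS issues.

    min_hop_limit=3 is the value the commenter used for Concourse on
    Kubernetes (an assumption here, adjust for your container nesting).
    """
    findings = {}
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions") or {}
            issues = []
            if opts.get("HttpEndpoint", "enabled") != "enabled":
                # No IMDS at all: the instance role is unreachable from the node.
                issues.append("endpoint-disabled")
            else:
                if opts.get("HttpTokens") != "required":
                    # Token-less (v1) requests are still answered.
                    issues.append("imdsv1-allowed")
                if opts.get("HttpPutResponseHopLimit", 1) < min_hop_limit:
                    # The token PUT response may be dropped before it reaches
                    # a container that sits extra network hops from the host.
                    issues.append("hop-limit-too-low")
            if issues:
                findings[inst["InstanceId"]] = issues
    return findings


if __name__ == "__main__":
    for instance_id, issues in audit_imds(SAMPLE).items():
        print(instance_id, ", ".join(issues))
```

Instance `i-example-b` is the situation described in the issue: IMDSv2 is enforced, but the hop limit is too low for the container to obtain instance-role credentials.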