deckhouse / k8s-image-availability-exporter

Alert if an image used in Kubernetes cannot be pulled from container registry
Apache License 2.0

Feature request: token from metadata extraction support #165

Open antonKirkPalark opened 6 months ago

antonKirkPalark commented 6 months ago

Hello, colleagues! In some AWS clusters, we use the EC2 instance profile to access ECR (IMDS), but image-availability-exporter doesn't support it, and all images are reported as unavailable. Can you please add support for this feature?

nabokihms commented 6 months ago

This is a tough question. Does k8s-iae need to support all cloud providers? Probably not, because there is an indefinite number of providers. As a generic feature, k8s-iae supports the Docker credentials protocol, which can authenticate you in any registry (there is one for AWS).

I think we can consider adding support for the limited number of clouds, e.g. AWS, GCP, Azure (big three), but it will require more work like adding tests for each cloud.
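The Docker credentials protocol mentioned in the comment above, seen from the client side, as an added example that is not part of the thread and not k8s-iae's own code: a helper binary named `docker-credential-<name>` reads the registry host on stdin for the `get` command and prints JSON with `ServerURL`, `Username` and `Secret`. The function names and the sample reply are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"os/exec"
	"strings"
)

// Credentials is the JSON object a credential helper prints in reply to "get".
type Credentials struct {
	ServerURL string
	Username  string
	Secret    string
}

// ParseHelperOutput decodes a helper reply and rejects empty credentials,
// so a misbehaving helper is not mistaken for an anonymous login.
func ParseHelperOutput(out []byte) (Credentials, error) {
	var c Credentials
	if err := json.Unmarshal(out, &c); err != nil {
		return c, fmt.Errorf("helper returned invalid JSON: %w", err)
	}
	if c.Username == "" || c.Secret == "" {
		return c, errors.New("helper returned empty credentials")
	}
	return c, nil
}

// GetCredentials runs docker-credential-<helper> get with the registry on stdin.
func GetCredentials(helper, registry string) (Credentials, error) {
	// Refuse names that would turn the PATH lookup into an arbitrary file path.
	if helper == "" || strings.ContainsAny(helper, "/\\") {
		return Credentials{}, errors.New("invalid helper name")
	}
	cmd := exec.Command("docker-credential-"+helper, "get")
	cmd.Stdin = strings.NewReader(registry)
	var stdout bytes.Buffer
	cmd.Stdout = &stdout
	if err := cmd.Run(); err != nil {
		return Credentials{}, fmt.Errorf("helper %q failed: %w", helper, err)
	}
	return ParseHelperOutput(stdout.Bytes())
}

func main() {
	// Constructed sample reply; the account ID, region and token are placeholders.
	sample := []byte(`{"ServerURL":"123456789012.dkr.ecr.eu-west-1.amazonaws.com","Username":"AWS","Secret":"example-token"}`)
	c, err := ParseHelperOutput(sample)
	fmt.Println(c.Username, c.ServerURL, err)
}
```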

antonKirkPalark commented 6 months ago

Yes, support for the big three clouds would be a good option. Other providers, for example Yandex, mimic metadata from AWS/GCP, so it can be useful for them too. But maybe the exporter can use kubelet+CRI to pull images instead of doing it by itself? Create fake pods, for example? Or would it be too slow or need too many permissions for the exporter?