Is IMDS v2 or IRSA supported?

[snakebyte91]

I need to force the usage of Instance Metadata Service v2 for my EKS nodes in AWS. With v1 docker-image-resource is able to pull images from ECR with the instance role. With v2 docker-image-resource seems not be able to use the instance role.

A other solution is to use IAM roles for service accounts (IRSA) in AWS. But this also does not work.

resource_types:
  - name: example
    type: docker-image
    source:
      repository: <account_id>.dkr.ecr.eu-central-1.amazonaws.com/<repository_name>
      tag: 0.0.1

Error messages:
IMDS v2: ...credentials not found in native keychain...
IRSA: ...401 not authorized...

[airport533]

Hi

Any update on this please as I am having the same issues?

Thanks

[pablokbs]

For anyone that gets to this issue in the future, I have concourse running in Kubernetes with IMDSv2 enabled. The key was to set metadata_http_put_response_hop_limit to 3. Per the AWS doc