Is IMDS v2 or IRSA supported? #340

Open
snakebyte91 opened this issue Nov 2, 2021 · 2 comments

@snakebyte91

I need to force the usage of Instance Metadata Service v2 for my EKS nodes in AWS. With v1, docker-image-resource is able to pull images from ECR with the instance role. With v2, docker-image-resource does not seem to be able to use the instance role.

Another solution is to use IAM roles for service accounts (IRSA) in AWS. But this also does not work.

resource_types:
  - name: example
    type: docker-image
    source:
      repository: <account_id>.dkr.ecr.eu-central-1.amazonaws.com/<repository_name>
      tag: 0.0.1

Error messages:
IMDS v2: ...credentials not found in native keychain...
IRSA: ...401 not authorized...

@airport533

Hi

Any update on this please as I am having the same issues?

Thanks

@pablokbs

pablokbs commented Mar 8, 2023

For anyone that gets to this issue in the future, I have Concourse running in Kubernetes with IMDSv2 enabled. The key was to set metadata_http_put_response_hop_limit to 3. Per the AWS doc

[image]
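Added example, not part of the thread and not code from the project: a check of the two settings discussed above (IMDSv2 enforcement and the PUT response hop limit), run over JSON in the shape of `aws ec2 describe-instances` output. The sample data, instance IDs and the function name `audit_imds` are constructed for illustration; the threshold of 3 is the value reported in the last comment, not a general rule.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-instances` output.
# Instance IDs and option values are made up for illustration.
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-example0001", "MetadataOptions":
    {"HttpEndpoint": "enabled", "HttpTokens": "optional", "HttpPutResponseHopLimit": 1}},
  {"InstanceId": "i-example0002", "MetadataOptions":
    {"HttpEndpoint": "enabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 1}},
  {"InstanceId": "i-example0003", "MetadataOptions":
    {"HttpEndpoint": "enabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 3}},
  {"InstanceId": "i-example0004", "MetadataOptions":
    {"HttpEndpoint": "disabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 1}}
]}]}
""")


def audit_imds(describe_output, required_hops=3):
    """Return {instance_id: finding} for every instance in the output.

    required_hops is the hop limit the containerized workload needs
    (assumption: 3, as reported in this thread for Concourse on Kubernetes).
    """
    findings = {}
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            # A missing field is treated as 0 so it is flagged, not assumed fine.
            hops = opts.get("HttpPutResponseHopLimit", 0)
            if opts.get("HttpEndpoint") != "enabled":
                finding = "imds-disabled"    # instance role unreachable via IMDS
            elif opts.get("HttpTokens") != "required":
                finding = "imdsv1-allowed"   # IMDSv2 is not being enforced
            elif hops < required_hops:
                # Token response cannot reach nested containers
                finding = f"hop-limit-too-low({hops}<{required_hops})"
            else:
                finding = "ok"
            findings[inst["InstanceId"]] = finding
    return findings


if __name__ == "__main__":
    for instance_id, finding in audit_imds(SAMPLE).items():
        print(instance_id, finding)
```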
