Closed
Description
I am attempting to set up a pull through proxy for my AWS EKS cluster.
AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE are set for the container and AWS_ROLE_ARN is the service account role with S3 permissions via IRSA.
Bashing in and running wget -qO- http://169.254.169.254/latest/meta-data/iam/security-credentials/ returns the node role (expectedly).
The registry fails to start with "Access denied" and S3 access logs report the node role.
The registry should prioritize the service account role over the node role.
This is likely an issue with the underlying awsgo library but I am opening an issue here to start.
Related: #2172
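Added example (not part of the original issue and not the registry's code): a small check that compares the role configured through AWS_ROLE_ARN with the requester ARN seen in S3 access logs, to confirm whether a request was signed with the IRSA role or fell back to the node role. The function name, verdict strings and all sample ARNs are constructed for illustration; the instance-ID session name test is a heuristic.

```python
import os
import re

# IAM role ARN (optional path before the name) and the STS assumed-role ARN
# that appears as the requester in S3 access logs.
ROLE_ARN = re.compile(r"^arn:(aws[\w-]*):iam::(\d{12}):role/(?:.+/)?([\w+=,.@-]+)$")
ASSUMED_ARN = re.compile(r"^arn:(aws[\w-]*):sts::(\d{12}):assumed-role/([\w+=,.@-]+)/(.+)$")


def diagnose(env, observed_arn, token_exists=os.path.isfile):
    """Classify the identity a request was signed with against the IRSA setup.

    Returns (verdict, detail)."""
    role_arn = env.get("AWS_ROLE_ARN")
    token_file = env.get("AWS_WEB_IDENTITY_TOKEN_FILE")
    if not role_arn or not token_file:
        return "irsa-not-configured", "AWS_ROLE_ARN or AWS_WEB_IDENTITY_TOKEN_FILE is unset"
    if not token_exists(token_file):
        return "token-missing", f"no projected token at {token_file}"
    want = ROLE_ARN.match(role_arn)
    if not want:
        return "bad-role-arn", f"AWS_ROLE_ARN is not an IAM role ARN: {role_arn}"
    got = ASSUMED_ARN.match(observed_arn)
    if not got:
        return "not-a-role-session", f"requester is not an assumed role: {observed_arn}"
    # Assumed-role ARNs drop the role path, so compare partition, account and name only.
    if want.groups() == got.groups()[:3]:
        return "irsa-role", f"signed as {got.group(3)}"
    # Heuristic: instance-profile sessions are named after the EC2 instance ID.
    if re.fullmatch(r"i-[0-9a-f]{8,17}", got.group(4)):
        return "node-role-fallback", f"signed as node role {got.group(3)} from {got.group(4)}"
    return "other-role", f"signed as unexpected role {got.group(3)}"


if __name__ == "__main__":
    # Constructed sample values, not taken from the issue.
    sample_env = {
        "AWS_ROLE_ARN": "arn:aws:iam::111122223333:role/eks/registry-s3",
        "AWS_WEB_IDENTITY_TOKEN_FILE": "/var/run/secrets/eks.amazonaws.com/serviceaccount/token",
    }
    requester = "arn:aws:sts::111122223333:assumed-role/eks-node-role/i-0123456789abcdef0"
    print(diagnose(sample_env, requester, token_exists=lambda p: True))
```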