If I need to create a launch template with Hop Limit = 2, then what is the use of taking the AL2023 AMI for the node group? How can I use the ALB ingress without using a launch template and AMI - Amazon Linux 2023 for node groups?
When upgrading from Amazon Linux 2 (AL2) to Amazon Linux 2023 (AL2023) for your EKS node groups, the error you're seeing with the AWS Load Balancer Controller is likely related to one of the key differences between AL2 and AL2023.
AL2023 requires Instance Metadata Service Version 2 (IMDSv2) and sets the default hop count for managed node groups to 1, which restricts containers from accessing node metadata. This is why your AWS Load Balancer Controller is failing with the error "failed to fetch VPC ID through ec2 metadata" - it's trying to access the EC2 instance metadata but can't reach it due to the hop count limitation.
To resolve this issue, you need to increase the HttpPutResponseHopLimit to 2 in your EC2 launch template. This will allow containers running in your pods (like the AWS Load Balancer Controller) to access the instance metadata.
If you're using a launch template for your node group, modify it to include this setting. If you're not using a launch template, you may need to create one with this configuration.
Additionally, ensure you're using Amazon VPC CNI add-on version 1.16.2 or later, which is required for AL2023.
Another approach would be to use Amazon EKS Pod Identity instead of relying on instance metadata for credential access, which is a more secure and recommended approach for accessing AWS resources from your pods.
Sources
Amazon Linux 2023: task blocked for more than 122 seconds | AWS re:Post
Upgrade from Amazon Linux 2 to Amazon Linux 2023 - Amazon EKS
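An added example, not part of the answer above: a small audit that reads the `MetadataOptions` block from `aws ec2 describe-instances` output and reports, per node, whether pods can reach instance metadata. The sample JSON and instance IDs are constructed, and the finding labels are hypothetical names chosen for this sketch.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-instances` output
# (instance IDs are made up); only the fields the check reads are included.
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaaaaaaaaaaaaaa1",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                       "HttpPutResponseHopLimit": 1}},
  {"InstanceId": "i-0aaaaaaaaaaaaaaa2",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                       "HttpPutResponseHopLimit": 2}},
  {"InstanceId": "i-0aaaaaaaaaaaaaaa3",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                       "HttpPutResponseHopLimit": 2}},
  {"InstanceId": "i-0aaaaaaaaaaaaaaa4",
   "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "required",
                       "HttpPutResponseHopLimit": 1}}
]}]}
""")

def classify(opts):
    """Return a finding label (hypothetical names) for one MetadataOptions block."""
    if not opts:
        return "unknown"                # field missing from the input
    if opts.get("HttpEndpoint") != "enabled":
        return "imds-disabled"          # nothing on the node can query IMDS
    if opts.get("HttpTokens") != "required":
        return "imdsv1-allowed"         # IMDSv2 is not enforced on this node
    if opts.get("HttpPutResponseHopLimit", 1) < 2:
        # Token response is dropped at the extra network hop into a pod
        # (pods using the host network are not affected by this limit).
        return "pods-blocked"
    # Controller can read the VPC ID; any pod can also reach the node's role.
    return "pods-can-reach-imds"

def audit(describe_output):
    """Map instance ID -> finding for every instance in the output."""
    return {
        inst["InstanceId"]: classify(inst.get("MetadataOptions", {}))
        for res in describe_output.get("Reservations", [])
        for inst in res.get("Instances", [])
    }

if __name__ == "__main__":
    for iid, finding in audit(SAMPLE).items():
        print(iid, finding)
```

Nodes reported as `pods-blocked` match the "failed to fetch VPC ID through ec2 metadata" symptom; nodes reported as `pods-can-reach-imds` are the ones where moving workloads to EKS Pod Identity matters most.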

Related, if you're using eksctl to create a cluster with auto scaling, it manages the instances. If a hop limit of 2 is required then it should set that. See https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/3695