amazon-web-services amazon-eks amazon-ecr amazon-ecr-public

How can I authenticate my EKS pods with a public ECR repo?


I know that there is this helper - https://github.com/aws-containers/amazon-ecr-public-creds-helper-script-for-k8s but it says that "This repository was archived as Amazon ECR Public today handles all image pull requests sent from workloads on AWS compute as authenticated requests".

I couldn't find any documentation on the AWS side that confirms this. My question is: if my pod is hosted on EKS with AWS managed nodes, are the image pull requests that the pod runs during startup authenticated with ECR Public, or are they unauthenticated? If they are not authenticated, how do I configure the imagePullSecrets to work with the relevant creds-helper?


Solution

  • On AWS-managed or self-managed nodes, the EKS Node IAM role must contain the required permissions for authenticating to ECR. Depending on how you have created your cluster, this may already be set up for you by default. EKS will handle performing ECR authentication for you.

    Your cluster role should also have the AmazonEKSClusterPolicy policy attached.

    If you are running your workloads on Fargate, you must use a pod execution role to give your pods access to ECR.

    Additional references: