Tag: AWS
Amazon Web Services
ID | Title | Description | Category | Technology | Tags |
---|---|---|---|---|---|
prequel-2025-0077 (Low; Impact: 2/10; Mitigation: 2/10) | OTEL Target Allocator Could Not Find Collector on Fargate Node | The OTEL Collector is not scheduled on the Fargate node. | OTEL Problems | otel-operator | OTEL, AWS, Fargate |
prequel-2025-0078 (Low; Impact: 6/10; Mitigation: 5/10) | AWS LoadBalancer Security Group Failure | While reconciling a TargetGroupBinding, the AWS Load Balancer Controller inspects the ENI attached to each pod (IP mode) or worker node (instance mode). If it finds **zero or more than one** security group carrying the cluster-ownership tag `kubernetes.io/cluster/<cluster-name>: owned`, it aborts and logs: `Reconciler error … targetGroupBinding … expected exactly one securityGroup tagged …` When this happens, the controller never attaches nodes/pods to target groups, so the load balancer comes up with **0 healthy targets**. | AWS Problems | aws-load-balancer-controller | AWS, Loadbalancer, Security Group |
prequel-2025-0079 (Medium; Impact: 3/10; Mitigation: 3/10) | AWS Cluster Autoscaler Access Denied | **Cluster Autoscaler** tries to fetch node-group metadata to decide whether it can scale for a pod with workload affinity. The call to the EKS control plane fails with `Failed to get labels from EKS DescribeNodegroup API for nodegroup <name> … AccessDeniedException: User <ARN> is not authorized to perform: eks:DescribeNodegroup on resource: arn:aws:eks:<region>:<acct>:nodegroup/…` Once the error is hit, the Autoscaler marks the node group **Not-Ready for scaling actions**, so pending pods remain unscheduled and scale-down decisions are skipped. | AWS Problems | aws-cluster-autoscaler | AWS, Autoscaling |
prequel-2025-0090 (High; Impact: 8/10; Mitigation: 5/10) | Karpenter version incompatible with Kubernetes version; Pods cannot be scheduled | Karpenter is unable to provision new nodes because the current Karpenter version is not compatible with Kubernetes version . This incompatibility causes validation errors in the nodeclass controller and prevents pods from being scheduled properly in the cluster. | Kubernetes Provisioning Problems | karpenter | AWS, Karpenter, Kubernetes |