Technology: aws-load-balancer-controller
| ID | Title | Description | Category | Technology | Tags |
|---|---|---|---|---|---|
| prequel-2025-0078 Low Impact: 6/10 Mitigation: 5/10 | AWS LoadBalancer Security Group Failure | While reconciling a TargetGroupBinding the AWS Load Balancer Controller inspects the ENI attached to each pod (IP mode) or worker node (instance mode). If it finds **zero or more than one** security group carrying the cluster-ownership tag `kubernetes.io/cluster/<cluster-name>: owned`, it aborts and logs: ``` Reconciler error … targetGroupBinding … expected exactly one securityGroup tagged … ``` When this happens the controller never attaches nodes/pods to target groups, so the load balancer comes up with **0 healthy targets**. | AWS Problems | aws-load-balancer-controller | AWSLoadbalancerSecurity Group |