Technology: aws-load-balancer-controller
ID | Title | Description | Category | Technology | Tags |
---|---|---|---|---|---|
prequel-2025-0078 (Low, Impact: 6/10, Mitigation: 5/10) | AWS LoadBalancer Security Group Failure | While reconciling a TargetGroupBinding, the AWS Load Balancer Controller inspects the ENI attached to each pod (IP mode) or worker node (instance mode). If it finds **zero or more than one** security group carrying the cluster-ownership tag `kubernetes.io/cluster/<cluster-name>: owned`, it aborts and logs: `Reconciler error … targetGroupBinding … expected exactly one securityGroup tagged …` When this happens, the controller never attaches nodes/pods to target groups, so the load balancer comes up with **0 healthy targets**. | AWS Problems | aws-load-balancer-controller | AWS, Loadbalancer, Security Group |
prequel-2025-0093 (Medium, Impact: 8/10, Mitigation: 5/10) | aws-load-balancer-controller rejects Ingress resource with wildcard path and Prefix pathType | The aws-load-balancer-controller is unable to translate an Ingress resource into an AWS ALB Listener Rule when the path contains a wildcard (`*`) and the pathType is set to `Prefix`. | Kubernetes Networking Problems | aws-load-balancer-controller | Kubernetes, AWS Loadbalancer Controller, Ingress Resource, AWS, Networking, Configuration, Path Validation, ALB, Routing |