Complete a 3 Question Survey and Earn a re:Post Badge

Help improve AWS Support Official channel in re:Post and share your experience - complete a quick three-question survey to earn a re:Post badge!

How do I resolve leader election issues with the AWS Load Balancer Controller in Amazon EKS?

2 minute read

My AWS Load Balancer Controller pods are failing, and I receive the "Forbidden" error in Amazon Elastic Kubernetes Service (Amazon EKS). Or, I receive a "problem running manager: error leader election lost" error in the Load Balancer controller pod logs.

Resolution

You receive the "Forbidden" error when AWS Load Balancer controller pods fail

The Forbidden error occurs when the aws-load-balancer-controller-role Amazon EKS cluster role doesn't have permission to lease resources from coordination.k8s.io apiGroups. The new inbound resource doesn't work as expected, and modifications to the existing ingress resources don't take effect.

You receive the following error:

"E0830 08:37:41.717952 1 leaderelection.go:330] error retrieving resource lock kube-system/aws-load-balancer-controller-leader: leases.coordination.k8s.io "aws-load-balancer-controller-leader" is forbidden: User "system:serviceaccount:kube-system:aws-load-balancer-controller" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "kube-system""

The error is continuously written in the controller pod logs, and no other errors exist. A controller pad restart doesn't resolve the issue.

Note: Update the AWS Load Balancer Controller to version 2.5.x. Also, make sure that controller pods are in the Active state.

To resolve the issue, complete the following steps:

Add the following entries to aws-load-balancer-controller-role:

...
...
- apiGroups: ["coordination.k8s.io"]
  resources: [leases]
  verbs: [get, list, watch, create, patch, update]

Restart the controller pod.

To add resources, run the following command:

kubectl edit clusterrole aws-load-balancer-controller-role

To restart the deployment, run the following command:

kubectl rollout restart deployment  -n

You receive the "problem running manager: error leader election lost" in the controller pod log

You get the problem running manager error message when multiple instances of the same controller are active in the cluster. The leader election process determined that one of the instances lost its leader status. When multiple instances are active, it's expected that an instance loses its leader status. The leader election mechanism makes sure that only one instance performs specific critical operations. You don't need to take action.

To make sure that there's always an elected leader pod, set the replica count from 2 to 3 or to another odd number.

Topics

Containers

Relevant content

Confirmation of Load Balancer Type Used for EKS Control Plane etcd
ongja
asked 4 months ago
EKS AWS Load Balancer Controller - ALB is not created
Accepted Answer
Andres
asked 2 years ago
Error installing helm chart eks/aws-load-balancer-controller
AWS-User-6885097
asked 3 years ago
Intermittent Failures in Pod Communications with Internal AWS Network Load Balancer
Accepted Answer
DarkOps
asked a year ago
EKS AWS Load Balancer Controller - ingress created but the ALB is not
ari
asked 2 years ago
How do I set up an Application Load Balancer through the AWS Load Balancer Controller on an Amazon EC2 node group in Amazon EKS?
AWS OFFICIALUpdated a year ago
How can I troubleshoot issues when I use the AWS Load Balancer Controller to create a load balancer?
AWS OFFICIALUpdated 2 years ago
How do I set up the AWS Load Balancer Controller on an Amazon EKS cluster for Fargate?
AWS OFFICIALUpdated 2 months ago
Why do I get the "WebIdentityErr" error when I use AWS Load Balancer Controller in Amazon EKS?
AWS OFFICIALUpdated a year ago
Preparing for the election season with AWS Countdown Premium
EXPERT
Atul Anand
published a year ago