
Commit ebc9920

authored
Restrict VPC.SecurityGroup egress rules validations to self-managed nodes (#7883)
Restrict VPC.SecurityGroup egress rules validations to self-managed nodes
1 parent 4b2a630 commit ebc9920


2 files changed

+10
-3
lines changed


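--- a/pkg/actions/nodegroup/create.go
+++ b/pkg/actions/nodegroup/create.go
@@ -80,9 +80,11 @@ func (m *Manager) Create(ctx context.Context, options CreateOpts, nodegroupFilte
 return errors.Wrapf(err, "loading VPC spec for cluster %q", meta.Name)
 }
 isOwnedCluster = false
-skipEgressRules, err = validateSecurityGroup(ctx, ctl.AWSProvider.EC2(), cfg.VPC.SecurityGroup)
-if err != nil {
-return err
+if len(cfg.NodeGroups) > 0 {
+skipEgressRules, err = validateSecurityGroup(ctx, ctl.AWSProvider.EC2(), cfg.VPC.SecurityGroup)
+if err != nil {
+return err
+}
 }
 
 default: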
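Review bot: The new `len(cfg.NodeGroups) > 0` guard carries no comment explaining why `cfg.VPC.SecurityGroup` on an unowned cluster may go unvalidated when no self-managed nodegroups are requested, and on that path `skipEgressRules` keeps whatever value it was declared with, which is outside this hunk. I would add a comment above the guard such as `// Egress rule validation applies only to self-managed nodegroups (cfg.NodeGroups).` and confirm that the declared default of `skipEgressRules` is the intended one when validation is skipped. The guard also reads the unfiltered `cfg.NodeGroups`, so if `nodegroupFilter` can exclude every self-managed nodegroup the validation would presumably still run; that is worth confirming. The body of `Create` starts and ends outside the hunk.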

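--- a/pkg/actions/nodegroup/create_test.go
+++ b/pkg/actions/nodegroup/create_test.go
@@ -1135,4 +1135,9 @@ func makeUnownedClusterConfig(clusterConfig *api.ClusterConfig) {
 },
 },
 }
+clusterConfig.NodeGroups = append(clusterConfig.NodeGroups, &api.NodeGroup{
+NodeGroupBase: &api.NodeGroupBase{
+Name: "ng",
+},
+})
 }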
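Review bot: No case visible in this section covers the new skip path, an unowned cluster with an empty `NodeGroups` list where `validateSecurityGroup` should not be called. Because `makeUnownedClusterConfig` now always appends the `ng` nodegroup, every test built on it goes through the validation branch. A managed-only variant of the fixture, with an assertion that the EC2 security group lookup is not invoked, would pin the behaviour the commit introduces. `makeUnownedClusterConfig` starts outside the hunk and the rest of the test file is not visible here, so such a case may already exist elsewhere.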
