Restrict VPC.SecurityGroup egress rules validations to self-managed n…

…odes
eksctl-io · Jul 12, 2024 · 260a615 · 260a615
1 parent 4b2a630
commit 260a615
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 3 deletions.
diff --git a/pkg/actions/nodegroup/create.go b/pkg/actions/nodegroup/create.go
@@ -80,9 +80,11 @@ func (m *Manager) Create(ctx context.Context, options CreateOpts, nodegroupFilte
 				return errors.Wrapf(err, "loading VPC spec for cluster %q", meta.Name)
 			}
 			isOwnedCluster = false
-			skipEgressRules, err = validateSecurityGroup(ctx, ctl.AWSProvider.EC2(), cfg.VPC.SecurityGroup)
-			if err != nil {
-				return err
+			if len(cfg.NodeGroups) > 0 {
+				skipEgressRules, err = validateSecurityGroup(ctx, ctl.AWSProvider.EC2(), cfg.VPC.SecurityGroup)
+				if err != nil {
+					return err
+				}
 			}
 
 		default:

diff --git a/pkg/actions/nodegroup/create_test.go b/pkg/actions/nodegroup/create_test.go
@@ -1135,4 +1135,9 @@ func makeUnownedClusterConfig(clusterConfig *api.ClusterConfig) {
 			},
 		},
 	}
+	clusterConfig.NodeGroups = append(clusterConfig.NodeGroups, &api.NodeGroup{
+		NodeGroupBase: &api.NodeGroupBase{
+			Name: "ng",
+		},
+	})
 }