Fix to the number of required SGs on configure

cortexlabs · Jun 15, 2021 · 0068a7d · 0068a7d
1 parent b0fc893
commit 0068a7d
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 5 deletions.
diff --git a/pkg/lib/aws/servicequotas.go b/pkg/lib/aws/servicequotas.go
@@ -166,6 +166,7 @@ func (c *Client) VerifyNetworkQuotas(
 	requiredVPCs int,
 	availabilityZones strset.Set,
 	numNodeGroups int,
+	netAdditionOfNodeGroups int,
 	longestCIDRWhiteList int,
 	clusterAlreadyExists bool,
 ) error {
@@ -328,7 +329,7 @@ func (c *Client) VerifyNetworkQuotas(
 	}
 
 	// check security groups quota
-	requiredSecurityGroups := requiredSecurityGroups(numNodeGroups)
+	requiredSecurityGroups := requiredSecurityGroups(netAdditionOfNodeGroups, clusterAlreadyExists)
 	sgs, err := c.DescribeSecurityGroups()
 	if err != nil {
 		return err
@@ -345,8 +346,9 @@ func (c *Client) VerifyNetworkQuotas(
 func (c *Client) VerifyNetworkQuotasOnConfigure(
 	availabilityZones strset.Set,
 	numNodeGroups int,
+	netAdditionOfNodeGroups int,
 	longestCIDRWhiteList int) error {
-	return c.VerifyNetworkQuotas(0, false, false, 0, availabilityZones, numNodeGroups, longestCIDRWhiteList, true)
+	return c.VerifyNetworkQuotas(0, false, false, 0, availabilityZones, numNodeGroups, netAdditionOfNodeGroups, longestCIDRWhiteList, true)
 }
 
 func requiredRulesForNodeGroupSecurityGroup(numAZs, whitelistLength int) int {
@@ -366,7 +368,10 @@ func requiredRulesForControlPlaneSecurityGroup(numNodeGroups int) int {
 	return 2 * (numNodeGroups + 1)
 }
 
-func requiredSecurityGroups(numNodeGroups int) int {
+func requiredSecurityGroups(numNodeGroups int, clusterAlreadyExists bool) int {
+	if clusterAlreadyExists {
+		return numNodeGroups
+	}
 	// each node group requires a security group
 	return _baseNumberOfSecurityGroups + numNodeGroups
 }
diff --git a/pkg/types/clusterconfig/cluster_config.go b/pkg/types/clusterconfig/cluster_config.go
@@ -1093,7 +1093,7 @@ func (cc *Config) ValidateOnInstall(awsClient *aws.Client) error {
 		requiredVPCs = 1
 	}
 	longestCIDRWhiteList := libmath.MaxInt(len(cc.APILoadBalancerCIDRWhiteList), len(cc.OperatorLoadBalancerCIDRWhiteList))
-	if err := awsClient.VerifyNetworkQuotas(1, cc.NATGateway != NoneNATGateway, cc.NATGateway == HighlyAvailableNATGateway, requiredVPCs, strset.FromSlice(cc.AvailabilityZones), len(cc.NodeGroups), longestCIDRWhiteList, false); err != nil {
+	if err := awsClient.VerifyNetworkQuotas(1, cc.NATGateway != NoneNATGateway, cc.NATGateway == HighlyAvailableNATGateway, requiredVPCs, strset.FromSlice(cc.AvailabilityZones), len(cc.NodeGroups), len(cc.NodeGroups), longestCIDRWhiteList, false); err != nil {
 		// Skip AWS errors, since some regions (e.g. eu-north-1) do not support this API
 		if !aws.IsAWSError(err) {
 			return err
@@ -1126,8 +1126,9 @@ func (cc *Config) ValidateOnConfigure(awsClient *aws.Client, oldConfig Config, e
 	ngsToBeRemoved := cc.getRemovedNodeGroups(oldConfig)
 
 	tempMaxNodeGroupCount := len(cc.NodeGroups) + len(ngsToBeRemoved)
+	tempNetAdditionOfNodeGroupCount := tempMaxNodeGroupCount - len(oldConfig.NodeGroups)
 	longestCIDRWhiteList := libmath.MaxInt(len(cc.APILoadBalancerCIDRWhiteList), len(cc.OperatorLoadBalancerCIDRWhiteList))
-	if err := awsClient.VerifyNetworkQuotasOnConfigure(strset.FromSlice(cc.AvailabilityZones), tempMaxNodeGroupCount, longestCIDRWhiteList); err != nil {
+	if err := awsClient.VerifyNetworkQuotasOnConfigure(strset.FromSlice(cc.AvailabilityZones), tempMaxNodeGroupCount, tempNetAdditionOfNodeGroupCount, longestCIDRWhiteList); err != nil {
 		// Skip AWS errors, since some regions (e.g. eu-north-1) do not support this API
 		if !aws.IsAWSError(err) {
 			return ConfigureChanges{}, errors.Wrap(err, NodeGroupsKey)