Specify an existing security group as model config?

Marco Ceppi marco at ceppi.net
Fri Dec 22 01:03:42 UTC 2017

Hi all,

Since Juju creates a security group per model (and applies it to all
instances in that model) it makes it really easy to enable/disable features
for all applications in a single model. One such feature is AWS EFS (NFS
aaS) which just needs to know which Security Groups can mount that EFS

There's a problem, however, when tearing down and standing up lots of
models in a months time. EFS only allows 5 Security Groups. So if you
wanted more than five Kubernetes clusters to access a single mount you need
to start editing all the AWS instances to share that Security Group

When it comes to scaling operations this can be tedious. I know there are
configurations for VPC-ID - is there also a similar security-group setting
where either the default model SG will be set based on user input instead
of created or a setting where an additional "model" security group can be
set so instances have it in addition to the model/instance security group?

Marco Ceppi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/juju/attachments/20171222/ec72fefe/attachment.html>

More information about the Juju mailing list