Specify an existing security group as model config?
marco at ceppi.net
Fri Dec 22 01:03:42 UTC 2017
Since Juju creates a security group per model (and applies it to all
instances in that model) it makes it really easy to enable/disable features
for all applications in a single model. One such feature is AWS EFS (NFS
aaS) which just needs to know which Security Groups can mount that EFS
There's a problem, however, when tearing down and standing up lots of
models in a months time. EFS only allows 5 Security Groups. So if you
wanted more than five Kubernetes clusters to access a single mount you need
to start editing all the AWS instances to share that Security Group
When it comes to scaling operations this can be tedious. I know there are
configurations for VPC-ID - is there also a similar security-group setting
where either the default model SG will be set based on user input instead
of created or a setting where an additional "model" security group can be
set so instances have it in addition to the model/instance security group?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Juju