# general
s
This message was deleted.
f
Anyone done this before?
l
Yes, it's a pain. I think we had to refresh, preview, note the differences and implement them in code so there's no redeployment (which is a pain, but 100% works). Is there a way to associate multiple SGs? If there is, that would work too, and would probably be better.
s
I think you may be able to get around this by 1) appropriately tagging the security group with the correct kubernetes.io/owned tag (so the cloud provider/LB controller knows it can modify the security group; sounds like this is already working for you), and 2) defining security group rules separate from the security group itself.
f
I went for creating the SG and adding independent rules on the object that needs them.