// immutableAttributes holds those attributes
// which are not allowed to change in the lifetime
// of an environment.
var immutableAttributes = []string{
NameKey,
TypeKey,
UUIDKey,
"firewall-mode",
}
I’m not sure why we couldn’t allow you to change the firewall-mode, but it is currently in the “immutable” set.
So AFAICT you have to use juju add-model --config firewall-mode=none to create a model without the firewaller.
I’d be curious to understand why you need to change it. There is always the possibility of doing DB surgery to change the value, and then making sure you restart the relevant agents so that they see the updated values. (I also don’t think updating the agents is going to get rid of the firewall rules already in play, but it would prevent creating new ones.)
I am running kubernetes on openstack via juju. I recognized that each machine creates a lot of security groups and rules. If the “firewall-mode” is set to “none” it will not create this amount of security groups.
I think before changing stuff in DB directly I will live with the amount of security groups before breaking the whole system…