Adding an AWS security group to Istio Ingress ELB


Is it safe to add an AWS security group manually for Istio Ingress ELB? Will there be some reconciliation happening which might overwrite this?

Considering we can only use IP CIDRs in loadBalancerSourceRanges in the Service definitions, I don’t see any other option to add a security group to an ELB managed by K8s.


You would have to try and see, but I have modified an NLB that was managed by k8s and after some time, k8s reverted my changes.