diff --git a/zun/container/docker/driver.py b/zun/container/docker/driver.py
index 8e48ef117..0457ecf51 100644
--- a/zun/container/docker/driver.py
+++ b/zun/container/docker/driver.py
@@ -542,9 +542,10 @@ class DockerDriver(driver.ContainerDriver):
             name = self.get_sandbox_name(container)
             sandbox = docker.create_container(image, name=name,
                                               hostname=name[:63])
-            security_groups = container.security_groups or None
-            security_group_ids = self._get_security_group_ids(
-                context, security_groups)
+            security_group_ids = None
+            if container.security_groups is not None:
+                security_group_ids = self._get_security_group_ids(
+                    context, container.security_groups)
             # Container connects to the bridge network by default so disconnect
             # the container from it before connecting it to neutron network.
             # This avoids potential conflict between these two networks.
diff --git a/zun/network/kuryr_network.py b/zun/network/kuryr_network.py
index bd48f16ec..8b1543582 100644
--- a/zun/network/kuryr_network.py
+++ b/zun/network/kuryr_network.py
@@ -121,11 +121,13 @@ class KuryrNetwork(network.Network):
         """
         network = self.inspect_network(network_name)
         neutron_net_id = network['Options']['neutron.net.uuid']
-        neutron_port = self.neutron.create_port({'port': {
+        port_dict = {
             'network_id': neutron_net_id,
-            'security_groups': security_group_ids,
             'tenant_id': self.context.project_id
-        }})
+        }
+        if security_group_ids is not None:
+            port_dict['security_groups'] = security_group_ids
+        neutron_port = self.neutron.create_port({'port': port_dict})
 
         ipv4_address = None
         ipv6_address = None