forseti-security / helm-charts

Apache License 2.0

Run Periodic Scan at random minute #37

Open gkowalski-google opened 4 years ago

gkowalski-google commented 4 years ago

Story

When Forseti is deployed to GKE, the periodic scan will run every hour at the 0th minute (top of the hour). For example, it will run at 1pm, 2pm, 3pm, etc. This should be run every 2 hours at a random minute. CAI exports might be throttled if there is a lot happening at the same time. This issue was addressed for Forseti on GCE.

Proposed Solution

Update the serverSchedule value to run every 2 hours at a random minute.

Acceptance Criteria

GIVEN: Forseti is deployed on GKE with Helm
WHEN: The Periodic Scan is run
THEN: It is run at a random minute and there are no issues with the CAI export

kevensen commented 4 years ago

Additional notes. If the Helm charts are invoked via Terraform, then whatever cron string with the random minute Terraform created will be applied here.

What we need to consider is the scenario where the Helm charts are deployed via the Helm CLI. So the default behavior in any case should be to generate a random minute (definitely possible in the Helm template),