Upgrade Forseti to Address Throttling of GCP APIs
1 view
Skip to first unread message
Henry Chang
Oct 8, 2019, 3:58:10 PM10/8/19
to Forseti Security Discussion, Forseti Security Announce
Hi Forseti Users,
If you did not use Terraform to deploy Forseti, you can stop reading now.
A recent issue was found where all Forseti instances (v2.21 or lower) that were deployed by Terraform would have their cron job trigger at the top of the hour.
This means that these Forseti instances would call GCP APIs at the same time, which can cause the GCP backend services to run out of capacity, and unable to respond to API requests from Forseti.
We have submitted a change in the Terraform module to fix this, so that the cron job will start at a random minute. You can easily pick up this fix by upgrading to Forseti v2.22, with the latest version of the Forseti Terraform module 4.3.0:
Step 1:
Open the user-defined main.tf file.
Set or ensure the `version` will pickup terraform module `4.3.0`.
Examples:
version = "~> 4.0"
version = "4.3.0"
Step 2:
terraform init
Step 3:
terraform plan
Step 4:
terraform apply
If you have any questions, please feel free to reach out to us on Slack.
Thank you.
Henry (on behalf of the Forseti Security team at Google)
If you did not use Terraform to deploy Forseti, you can stop reading now.
A recent issue was found where all Forseti instances (v2.21 or lower) that were deployed by Terraform would have their cron job trigger at the top of the hour.
This means that these Forseti instances would call GCP APIs at the same time, which can cause the GCP backend services to run out of capacity, and unable to respond to API requests from Forseti.
We have submitted a change in the Terraform module to fix this, so that the cron job will start at a random minute. You can easily pick up this fix by upgrading to Forseti v2.22, with the latest version of the Forseti Terraform module 4.3.0:
Step 1:
Open the user-defined main.tf file.
Set or ensure the `version` will pickup terraform module `4.3.0`.
Examples:
version = "~> 4.0"
version = "4.3.0"
Step 2:
terraform init
Step 3:
terraform plan
Step 4:
terraform apply
If you have any questions, please feel free to reach out to us on Slack.
Thank you.
Henry (on behalf of the Forseti Security team at Google)
Reply all
Reply to author
Forward
0 new messages