Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-8868

Allow configuring default scan schedule during Compliance Operator installation

XMLWordPrintable

    • None
    • Product / Portfolio Work
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      1. Proposed title of this feature request:
      Install-Time Configurable Scan Schedule for Compliance Operator

      2. Nature and description of the request:
      Currently, the Compliance Operator automatically creates a default ScanSetting and ScanSettingBinding with a hardcoded daily scan schedule (0 1 * * * UTC) after installation. There is no supported mechanism to set a custom schedule at install time.

      The request is to allow customers to specify a custom scan schedule during the operator deployment (for example, via Subscription parameters or Operator configuration) so that the default ScanSetting is created with the desired schedule.

      3. Why does the customer need this? (Business requirements)

      • Customers may want scans to occur weekly, monthly, or at specific times to align with operational or business policies.
      • Manual edits of the default ScanSetting after installation are error-prone and add extra operational overhead.
      • Automated deployments using GitOps or Infrastructure-as-Code cannot pre-configure the default schedule without additional manual intervention.
      • Ensures consistency and reduces the risk of missing scans due to human error.

      4. List any affected packages or components:

      • Compliance Operator (openshift-compliance)
      • ScanSetting and ScanSettingBinding CRs

       

      Additional Details :

      In one of the cases, the Compliance Operator was installed with the default ScanSetting:
      ~~~
      kind: ScanSetting
      metadata:
      name: default
      namespace: openshift-compliance
      spec:
      schedule: "0 1 * * *"
      ~~~
      This schedule runs scans once per day at 01:00 UTC.
      The customer wanted to change the default schedule to once per week on Friday at 15:00 UTC.
      Currently, the only supported approaches are:
      Edit the default ScanSetting manually after installation: $ oc edit scansetting default -n openshift-compliance
      Or patch it: $ oc patch scansetting default -n openshift-compliance --type='merge' -p '{"schedule":"0 15 * * 5"}'
       
      There is currently no supported mechanism to set this schedule during installation, which prompted this feature request.

              rh-ee-masimonm Maria Simon Marcos
              rhn-support-sdharma Suruchi Dharma
              None
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                None
                None