kube_cron_job
Stable
Submodule

Kubernetes CronJob

Provides a production-hardened instance of a Kubernetes CronJob with the following enhancements:

Usage

Basics

This module follows the basic workload deployment patterns describe in this guide.

Scheduling

This module’s has inputs that map one-for-one to the standard Kubernetes CronJob API.

Providers

The following providers are needed by this module:

Required Inputs

The following input variables are required:

containers

Description: A list of container configurations for the Pod

Type:

list(object({
name = string # A unique name for the container within the pod
init = optional(bool, false) # Iff true, the container will be an init container
image_registry = string # The URL for a container image registry (e.g., docker.io)
image_repository = string # The path to the image repository within the registry (e.g., library/nginx)
image_tag = string # The tag for a specific image within the repository (e.g., 1.27.1)
image_pin_enabled = optional(bool, true) # Whether the image should be pinned to every node regardless of whether the container is running or not (speeds up startup times)
image_prepull_enabled = optional(bool, true) # Whether the image will be prepulled to nodes when the nodes are first created (speeds up startup times)
command = list(string) # The command to be run as the root process inside the container
working_dir = optional(string, null) # The directory the command will be run in. If left null, will default to the working directory set by the image
image_pull_policy = optional(string, "IfNotPresent") # Sets the container's ImagePullPolicy
minimum_memory = optional(number, 100) #The minimum amount of memory in megabytes
maximum_memory = optional(number, null) #The maximum amount of memory in megabytes
memory_limit_multiplier = optional(number, 1.3) # memory limits = memory request x this value
minimum_cpu = optional(number, 10) # The minimum amount of cpu millicores
maximum_cpu = optional(number, null) # The maximum amount of cpu to allow (in millicores)
privileged = optional(bool, false) # Whether to allow the container to run in privileged mode
run_as_root = optional(bool, false) # Whether to run the container as root
uid = optional(number, 1000) # user to use when running the container if not root
linux_capabilities = optional(list(string), []) # Default is drop ALL
readonly = optional(bool, true) # Whether to use a readonly file system
env = optional(map(string), {}) # Environment variables specific to the container
}))

cron_schedule

Description: The cron expression to use for the CronJob

Type: string

name

Description: The name of this CronJob

Type: string

namespace

Description: The namespace the cluster is in

Type: string

Optional Inputs

The following input variables are optional (have default values):

active_deadline_seconds

Description: Specifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it; value must be positive integer.

Type: number

Default: 86400

arm_nodes_enabled

Description: Whether to allow Pods to schedule on arm64 nodes

Type: bool

Default: true

backoff_limit

Description: Specifies the number of retries before marking the Job failed.

Type: number

Default: 6

burstable_nodes_enabled

Description: Whether to allow Pods to schedule on burstable nodes

Type: bool

Default: false

cilium_required

Description: True iff the Cilium CNI is required to be installed on a node prior to scheduling on it

Type: bool

Default: true

common_env

Description: Key pair values of the environment variables for each container

Type: map(string)

Default: {}

common_env_from_config_maps

Description: Environment variables that are sourced from existing Kubernetes ConfigMaps. The keys are the environment variables names and the values are the ConfigMap references.

Type:

map(object({
config_map_name = string
key = string
}))

Default: {}

common_env_from_secrets

Description: Environment variables that are sourced from existing Kubernetes Secrets. The keys are the environment variables names and the values are the Secret references.

Type:

map(object({
secret_name = string
key = string
}))

Default: {}

common_secrets

Description: Key pair values of secrets to add to the containers as environment variables

Type: map(string)

Default: {}

concurrency_policy

Description: Specifies how to treat concurrent executions of a Job.

Type: string

Default: "Forbid"

config_map_mounts

Description: A mapping of ConfigMap names to their mount configuration in the containers of the CronJob

Type:

map(object({
mount_path = string # Where in the containers to mount the ConfigMap
optional = optional(bool, false) # Whether the Pod can launch if this ConfigMap does not exist
}))

Default: {}

controller_nodes_enabled

Description: Whether to allow pods to schedule on EKS Node Group nodes (controller nodes)

Type: bool

Default: false

cron_job_annotations

Description: Annotations to add to the generated CronJob

Type: map(string)

Default: {}

disruptions_enabled

Description: Whether to enable disrupting the Pods in the middle of execution.

Type: bool

Default: false

dns_policy

Description: The DNS policy for the Pod

Type: string

Default: "ClusterFirst"

extra_annotations

Description: A map of extra annotations that will be added to the CronJob (not the pods)

Type: map(string)

Default: {}

extra_labels

Description: A map of extra labels that will be added to the CronJob (not the pods)

Type: map(string)

Default: {}

extra_pod_annotations

Description: Annotations to add to the pods in the CronJob

Type: map(string)

Default: {}

extra_pod_labels

Description: Extra pod labels to use

Type: map(string)

Default: {}

extra_tolerations

Description: Extra tolerations to add to the Pods

Type:

list(object({
key = optional(string)
operator = string
value = optional(string)
effect = optional(string)
}))

Default: []

failed_jobs_history_limit

Description: The number of failed jobs to retain

Type: number

Default: 1

job_annotations

Description: Annotations to add to generated Job resources

Type: map(string)

Default: {}

linkerd_enabled

Description: True iff the Linkerd sidecar should be injected into the pods

Type: bool

Default: true

linkerd_required

Description: True iff the Linkerd CNI is required to be installed on a node prior to scheduling on it

Type: bool

Default: true

mount_owner

Description: The ID of the group that owns the mounted volumes

Type: number

Default: 1000

node_image_cached_enabled

Description: Whether to add the container images to the node image cache for faster startup times

Type: bool

Default: true

node_preferences

Description: Node label preferences for the Pods

Type: map(object({ weight = number, operator = string, values = list(string) }))

Default: {}

node_requirements

Description: Node label requirements for the Pods

Type: map(list(string))

Default: {}

panfactum_scheduler_enabled

Description: Whether to use the Panfactum Pod scheduler with enhanced bin-packing

Type: bool

Default: true

pod_completions

Description: Specifies the desired number of successfully finished Pods the Job should be run with.

Type: number

Default: 1

pod_parallelism

Description: Specifies the maximum desired number of Pods the Job should run at any given time.

Type: number

Default: 1

pod_replacement_policy

Description: Specifies when to create replacement Pods

Type: string

Default: "Failed"

pod_version_labels_enabled

Description: Whether to add version labels to the Pod. Useful for ensuring pods do not get recreated on frequent updates.

Type: bool

Default: true

priority_class_name

Description: The priority class to use for Pods in the CronJob

Type: string

Default: null

pull_through_cache_enabled

Description: Whether to use the ECR pull through cache for the deployed images

Type: bool

Default: true

restart_policy

Description: The Pod restart policy

Type: string

Default: "OnFailure"

secret_mounts

Description: A mapping of Secret names to their mount configuration in the containers of the CronJob

Type:

map(object({
mount_path = string # Where in the containers to mount the Secret
optional = optional(bool, false) # Whether the Pod can launch if this Secret does not exist
}))

Default: {}

spot_nodes_enabled

Description: Whether to allow Pods to schedule on spot nodes

Type: bool

Default: true

starting_deadline_seconds

Description: Optional deadline in seconds for starting the job if it misses scheduled time for any reason. Missed jobs executions will be counted as failed ones.

Type: number

Default: 900

successful_jobs_history_limit

Description: The number of successful jobs to retain

Type: number

Default: 0

suspend

Description: Whether the CronJob is suspended

Type: bool

Default: false

termination_grace_period_seconds

Description: The number of seconds to wait for graceful termination before forcing termination

Type: number

Default: 30

tmp_directories

Description: A mapping of temporary directory names (arbitrary) to their configuration

Type:

map(object({
mount_path = string # Where in the containers to mount the temporary directories
size_mb = optional(number, 100) # The number of MB to allocate for the directory
node_local = optional(bool, false) # If true, the temporary storage will come from the host node rather than a PVC
}))

Default: {}

ttl_seconds_after_finished

Description: limits the lifetime of a Job that has finished execution (either Complete or Failed). After this time, it is eligible to be automatically deleted.

Type: number

Default: 600

update_type

Description: The type of update that the CronJob should use

Type: string

Default: "RollingUpdate"

vpa_enabled

Description: Whether to enable the Vertical Pod Autoscaler

Type: bool

Default: true

Outputs

The following outputs are exported:

labels

Description: The default labels assigned to all resources in this Workflow

match_labels

Description: The labels unique to this Workflow that can be used to select any pods in this Workflow

service_account_name

Description: The service account used for the pods

Maintainer Notes

No notes