kube_cron_job
Kubernetes CronJob
Provides a production-hardened instance of a Kubernetes CronJob with the following enhancements:
- Standardized resource labels
- Pod and container security hardening
- Temporary directory mounting
- ConfigMap and Secret mounting
- Downward-API integrations
- Service account configuration with default permissions
- Integration with the Panfactum bin-packing scheduler
- High-availability scheduling constraints
- Readiness and liveness probe configurations
- Automatic reloading via the Reloader
- Vertical pod autoscaling
- Pod disruption budget
- Toleration switches for the various Panfactum node classes
Usage
Basics
This module follows the basic workload deployment patterns describe in this guide.
Scheduling
This module's has inputs that map one-for-one to the standard Kubernetes CronJob API.
Providers
The following providers are needed by this module:
-
kubectl (2.0.4)
-
kubernetes (2.27.0)
-
pf (0.0.3)
-
random (3.6.0)
Required Inputs
The following input variables are required:
containers
Description: A list of container configurations for the Pod
Type:
list(object({
name = string # A unique name for the container within the pod
init = optional(bool, false) # Iff true, the container will be an init container
image_registry = string # The URL for a container image registry (e.g., docker.io)
image_repository = string # The path to the image repository within the registry (e.g., library/nginx)
image_tag = string # The tag for a specific image within the repository (e.g., 1.27.1)
command = list(string) # The command to be run as the root process inside the container
working_dir = optional(string, null) # The directory the command will be run in. If left null, will default to the working directory set by the image
image_pull_policy = optional(string, "IfNotPresent") # Sets the container's ImagePullPolicy
minimum_memory = optional(number, 100) #The minimum amount of memory in megabytes
maximum_memory = optional(number, null) #The maximum amount of memory in megabytes
memory_limit_multiplier = optional(number, 1.3) # memory limits = memory request x this value
minimum_cpu = optional(number, 10) # The minimum amount of cpu millicores
maximum_cpu = optional(number, null) # The maximum amount of cpu to allow (in millicores)
privileged = optional(bool, false) # Whether to allow the container to run in privileged mode
run_as_root = optional(bool, false) # Whether to run the container as root
uid = optional(number, 1000) # user to use when running the container if not root
linux_capabilities = optional(list(string), []) # Default is drop ALL
readonly = optional(bool, true) # Whether to use a readonly file system
env = optional(map(string), {}) # Environment variables specific to the container
}))
cron_schedule
Description: The cron expression to use for the CronJob
Type: string
name
Description: The name of this CronJob
Type: string
namespace
Description: The namespace the cluster is in
Type: string
Optional Inputs
The following input variables are optional (have default values):
active_deadline_seconds
Description: Specifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it; value must be positive integer.
Type: number
Default: 86400
arm_nodes_enabled
Description: Whether to allow Pods to schedule on arm64 nodes
Type: bool
Default: true
backoff_limit
Description: Specifies the number of retries before marking the Job failed.
Type: number
Default: 6
burstable_nodes_enabled
Description: Whether to allow Pods to schedule on burstable nodes
Type: bool
Default: false
common_env
Description: Key pair values of the environment variables for each container
Type: map(string)
Default: {}
common_env_from_config_maps
Description: Environment variables that are sourced from existing Kubernetes ConfigMaps. The keys are the environment variables names and the values are the ConfigMap references.
Type:
map(object({
config_map_name = string
key = string
}))
Default: {}
common_env_from_secrets
Description: Environment variables that are sourced from existing Kubernetes Secrets. The keys are the environment variables names and the values are the Secret references.
Type:
map(object({
secret_name = string
key = string
}))
Default: {}
common_secrets
Description: Key pair values of secrets to add to the containers as environment variables
Type: map(string)
Default: {}
concurrency_policy
Description: Specifies how to treat concurrent executions of a Job.
Type: string
Default: "Forbid"
config_map_mounts
Description: A mapping of ConfigMap names to their mount configuration in the containers of the CronJob
Type:
map(object({
mount_path = string # Where in the containers to mount the ConfigMap
optional = optional(bool, false) # Whether the Pod can launch if this ConfigMap does not exist
}))
Default: {}
controller_nodes_enabled
Description: Whether to allow pods to schedule on EKS Node Group nodes (controller nodes)
Type: bool
Default: false
cron_job_annotations
Description: Annotations to add to the generated CronJob
Type: map(string)
Default: {}
disruptions_enabled
Description: Whether to enable disrupting the Pods in the middle of execution.
Type: bool
Default: false
dns_policy
Description: The DNS policy for the Pod
Type: string
Default: "ClusterFirst"
extra_pod_annotations
Description: Annotations to add to the pods in the CronJob
Type: map(string)
Default: {}
extra_pod_labels
Description: Extra pod labels to use
Type: map(string)
Default: {}
extra_tolerations
Description: Extra tolerations to add to the Pods
Type:
list(object({
key = optional(string)
operator = string
value = optional(string)
effect = optional(string)
}))
Default: []
failed_jobs_history_limit
Description: The number of failed jobs to retain
Type: number
Default: 1
job_annotations
Description: Annotations to add to generated Job resources
Type: map(string)
Default: {}
mount_owner
Description: The ID of the group that owns the mounted volumes
Type: number
Default: 1000
node_image_cached_enabled
Description: Whether to add the container images to the node image cache for faster startup times
Type: bool
Default: false
node_preferences
Description: Node label preferences for the Pods
Type: map(object({ weight = number, operator = string, values = list(string) }))
Default: {}
node_requirements
Description: Node label requirements for the Pods
Type: map(list(string))
Default: {}
panfactum_scheduler_enabled
Description: Whether to use the Panfactum Pod scheduler with enhanced bin-packing
Type: bool
Default: true
pod_completions
Description: Specifies the desired number of successfully finished Pods the Job should be run with.
Type: number
Default: 1
pod_parallelism
Description: Specifies the maximum desired number of Pods the Job should run at any given time.
Type: number
Default: 1
pod_replacement_policy
Description: Specifies when to create replacement Pods
Type: string
Default: "Failed"
pod_version_labels_enabled
Description: Whether to add version labels to the Pod. Useful for ensuring pods do not get recreated on frequent updates.
Type: bool
Default: true
priority_class_name
Description: The priority class to use for Pods in the CronJob
Type: string
Default: null
pull_through_cache_enabled
Description: Whether to use the ECR pull through cache for the deployed images
Type: bool
Default: true
restart_policy
Description: The Pod restart policy
Type: string
Default: "OnFailure"
secret_mounts
Description: A mapping of Secret names to their mount configuration in the containers of the CronJob
Type:
map(object({
mount_path = string # Where in the containers to mount the Secret
optional = optional(bool, false) # Whether the Pod can launch if this Secret does not exist
}))
Default: {}
spot_nodes_enabled
Description: Whether to allow Pods to schedule on spot nodes
Type: bool
Default: true
starting_deadline_seconds
Description: Optional deadline in seconds for starting the job if it misses scheduled time for any reason. Missed jobs executions will be counted as failed ones.
Type: number
Default: 900
successful_jobs_history_limit
Description: The number of successful jobs to retain
Type: number
Default: 0
suspend
Description: Whether the CronJob is suspended
Type: bool
Default: false
termination_grace_period_seconds
Description: The number of seconds to wait for graceful termination before forcing termination
Type: number
Default: 30
tmp_directories
Description: A mapping of temporary directory names (arbitrary) to their configuration
Type:
map(object({
mount_path = string # Where in the containers to mount the temporary directories
size_mb = optional(number, 100) # The number of MB to allocate for the directory
node_local = optional(bool, false) # If true, the temporary storage will come from the host node rather than a PVC
}))
Default: {}
ttl_seconds_after_finished
Description: limits the lifetime of a Job that has finished execution (either Complete or Failed). After this time, it is eligible to be automatically deleted.
Type: number
Default: 600
update_type
Description: The type of update that the CronJob should use
Type: string
Default: "RollingUpdate"
vpa_enabled
Description: Whether to enable the Vertical Pod Autoscaler
Type: bool
Default: true
Outputs
The following outputs are exported:
labels
Description: The default labels assigned to all resources in this Workflow
match_labels
Description: The labels unique to this Workflow that can be used to select any pods in this Workflow
service_account_name
Description: The service account used for the pods
Maintainer Notes
No notes