CronJob Manifest Validation
Validate Kubernetes CronJob manifests including the nested job template and pod spec. Check for common issues like missing resource limits on batch containers.
Workload Types
Detailed Explanation
CronJob Manifest Structure
CronJobs have a deeply nested structure: CronJob > JobTemplate > Job > PodTemplate > PodSpec > Containers. Issues at any level can cause problems.
Example CronJob
apiVersion: batch/v1
kind: CronJob
metadata:
name: daily-cleanup
labels:
app: maintenance
spec:
schedule: "0 2 * * *"
jobTemplate:
spec:
template:
spec:
containers:
- name: cleanup
image: busybox:latest
command: ["sh", "-c", "echo cleanup done"]
restartPolicy: OnFailure
What the Validator Flags
- Warning: Container 'cleanup' uses ':latest' tag
- Warning: Container 'cleanup' has no resource requests or limits
- Warning: No securityContext.runAsNonRoot set
CronJob-Specific Considerations
| Field | Purpose | Default |
|---|---|---|
spec.schedule |
Cron expression | Required |
spec.concurrencyPolicy |
Allow, Forbid, or Replace | Allow |
spec.successfulJobsHistoryLimit |
Keep N successful jobs | 3 |
spec.failedJobsHistoryLimit |
Keep N failed jobs | 1 |
spec.startingDeadlineSeconds |
Max delay before skip | None |
spec.suspend |
Pause scheduling | false |
Best Practices for CronJobs
- Set
restartPolicytoOnFailureorNever(notAlways) - Pin image versions (no
:latest) - Set resource limits even for short-lived jobs
- Configure
activeDeadlineSecondsto prevent runaway jobs - Use
concurrencyPolicy: Forbidif jobs must not overlap - Set appropriate history limits to avoid accumulating completed Job objects
Use Case
Validating batch job configurations before deploying scheduled tasks. CronJobs are commonly used for database backups, log rotation, and periodic data processing.