Job Options

Specifies enhanced Quartz cron schedules for NeonKUBE cluster jobs performed by cluster operators such as neon-cluster-operator. Each job can be enabled or disabled independently and scheduled using a CRON/Quartz like string, like:

enabled:  true
schedule: "R R 0 ? * *"

schedule specifies the job schedule. This is extended Quartz CRON expression.
This defaults to "R R 0 ? * *" which fires every day at a random minute and second between 12:00am and 1:00am.

Cron expressions consist of seven sub-expressions that describe the details of the schedule. The sub expressions (in order) are:

Seconds (0..59)
Minutes (0..59)
Hours (0..23)
Day-of-Month (1..31)
Month (1..12) or MON-DEC
Day-of-Week (1..7) or SUN-SAT
Year (optional) (1970..2099)

An example of a complete cron expression is "0 0 15 ? * MON" which triggers every Monday at 3pm.

For the full documentation which describes special characters, see: Quartz CRON Expressions

note

In addition to the standard Quartz defined special characters, we also support the R character which picks a random value within the allowed range for a field. For example:

"0 R R * * *"

schedules the job for a random hour and minute during the day. This is useful for situations like uploading telemetry to a global service where you don't want a potentially large number of clients being scheduled to hit the service at the same time.

Here's what the cluster job options look like, with the default values or [required] for properties that must be specified:

jobs:
  controlPlaneCertificateRenewal:
    enabled:                        true
    schedule:                       "0 0 0 ? * TUE"
  harborImagePush:
    enabled:                        true
    schedule:                       "0 0 0 ? * TUE"
  linuxSecurityPatches:
    enabled:                        true
    schedule:                       "0 0 0 ? * TUE"
  nodeCaCertificateRenewal:
    enabled:                        true
    schedule:                       "0 0 0 ? * TUE"
  telemetryPing:
    enabled:                        true
    schedule:                       "R R 0 ? * *"
  terminatedPodGc:
    enabled:                        true
    schedule:                       "0/15 * * ? * *"
  terminatedPodGcDelayMilliseconds: 1000
  terminatedPodGcThresholdMinutes:  720

Property	Description
controlPlaneCertificateRenewal	`object:` Schedules renewal of the Kubernetes cluster certificate. This defaults to a random time between 12:00am and 1:00am (UTC) on Tuesdays.
harborImagePush	`object:` Schedules the persisting of NEONKUBE cluster container images from cluster nodes to Harbor as required. This defaults to a random time between 12:00am and 1:00am (UTC) on Tuesdays.
linuxSecurityPatches	`object:` Schedules Kubernetes control plane certificate renewal. This defaults to a random time between 12:00am and 1:00am (UTC) on Tuesdays.
nodeCaCertificateRenewal	`object:` Schedules updates of the public certificate authorities on cluster nodes. This defaults to a random time between 12:00am and 1:00am (UTC) on Tuesdays.
telemetryPing	`object:` Schedules the application of Linux security patches on the cluster nodes. This defaults to a random time between 12:00am and 1:00am (UTC) on Tuesdays.
terminatedPodGc	`object:` Schedules the deletion of pods that have been terminated for at least terminatedPodGcThresholdMinutes. This defaults to every 15 minutes. NOTE: To avoid a potential race condition, neon-cluster-operator only removes pods with what looks like a generated name, including a unique ID suffix. This avoids situations where the operator identifies a pod to be deleted but before the operator has a chance to delete the pod, something else deletes and then recreates the pod with the same name, resulting in the wrong pod being removed.
terminatedPodGcDelayMilliseconds	`integer:` Specifies the delay in milliseconds that the terminated pod removal job will pause after scanning a namespace for terminated jobs and also after each job removal to reduce pressure on the API Server. This defaults to 1000 milliseconds (1 second).
terminatedPodGcThresholdMinutes	`integer:` Specifies the number of minutes after a pod terminates sucessfully or not before it becomes eligible for removal by the neon-cluster-operator. This defaults to 720 minutes (12 hours) to give operations teams a chance to investigate potential recent problems.