CronJobs and Roles

Monitor an important pod with a cronjob. Use a service account to reduce the scope of the cronjob's permissions.

Why

First, hello everyone!!! I need to create a cronjob in karpenter in the right way, and I need to understand service accounts and roles.

What We Need to Do

In this post, we are going to talk about cronjobs and how to use them the right way, especially with roles. Let’s make it simple.

What is a Cronjob?

So, what exactly is a cronjob? A cronjob is a way to schedule tasks on a computer to run automatically. In this case, we need to execute a specific command using a cronjob.

Roles and Permissions with cronjobs

On most systems, you can set up cronjobs for different users. Now, let’s go over some best practices for cronjobs with roles.

Example

Imagine you want a cronjob to check a specific pod. Here’s how you’d do it:

  1. First, create a service account. The service account is like a “user” that the cronjob will run under. This way, the cronjob will have the right permissions when it runs.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: cronjob-sa

  2. Second, create a role. The role defines what actions the service account can perform. This is important for security, as it ensures the cronjob can only do what it needs to do.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: pod-access   # must match roleRef.name in the binding
rules:
  - apiGroups: [""]   # "" is the core API group, where pods live
    resources: ["pods"]
    verbs: ["list", "get"]

  3. Next, create a rolebinding. A rolebinding links the service account with the role. This step ensures that the service account has the right permissions to perform the actions defined in the role.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: pod-access-binding   # assumed name, not given in the original
subjects:
  - kind: ServiceAccount
    name: cronjob-sa
    namespace: default   # assumed; use the namespace where cronjob-sa was created
roleRef:
  kind: ClusterRole
  name: pod-access
  apiGroup: rbac.authorization.k8s.io

  4. Lastly, create the cronjob. Finally, create the cronjob that will execute the task of describing the pod.

The full code is linked here: 👉 🔗 code
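
As an added example (not the code linked from the original post), a CronJob for the last step could look like the manifest below. The CronJob name, namespace, schedule, container image and pod name are assumptions; it runs kubectl get, which needs only the get verb on pods that the role grants.

```yaml
# Added example, not from the original post. Values marked "assumed" are placeholders.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: pod-monitor              # assumed name
  namespace: default             # assumed; must be the namespace that holds cronjob-sa
spec:
  schedule: "*/5 * * * *"        # assumed schedule: every 5 minutes
  concurrencyPolicy: Forbid      # skip a run if the previous one is still active
  successfulJobsHistoryLimit: 1  # keep only the last successful Job object
  failedJobsHistoryLimit: 3      # keep a few failed Jobs for troubleshooting
  jobTemplate:
    spec:
      backoffLimit: 1            # retry a failed pod once, then mark the Job failed
      template:
        spec:
          # Run as the dedicated service account instead of the namespace's
          # "default" account, so only the bound role's permissions apply.
          serviceAccountName: cronjob-sa
          restartPolicy: Never
          containers:
            - name: check-pod
              image: registry.example.com/kubectl:placeholder   # assumed: any image that ships kubectl
              # "important-pod" is an assumed pod name. Reading one pod needs
              # only the "get" verb on "pods".
              command: ["kubectl", "get", "pod", "important-pod", "-n", "default", "-o", "wide"]
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop: ["ALL"]
```

Any command in this job that needs a verb or resource outside the role (for example deleting a pod) is rejected by the API server as Forbidden, and the job fails.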

EXAMPLE CASE

In this picture you can see a job executed successfully, but in case we need to execute other actions outside of the scope.

Conclusion

That’s it! Now you know the basics of cronjobs, roles, and service accounts. See you in the next blog post.

Licensed under CC BY-NC-SA 4.0