CronJob Deadline Not Configured

• Query id: 192fe40b-b1c3-448a-aba2-6cc19a300fe3
• Query name: CronJob Deadline Not Configured
• Platform: Kubernetes
• Severity: Low
• Category: Resource Management
• URL: Github

Description

Cronjobs must have a configured deadline, which means the attribute 'startingDeadlineSeconds' must be defined
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

#this is a problematic code where the query should report a result(s)
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: hello
spec:
  schedule: "*/1 * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: hello
            image: busybox
            args:
            - /bin/sh
            - -c
            - date; echo Hello from the Kubernetes cluster
          restartPolicy: OnFailure

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: hello
spec:
  schedule: "*/1 * * * *"
  startingDeadlineSeconds: 100
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: hello
            image: busybox
            args:
            - /bin/sh
            - -c
            - date; echo Hello from the Kubernetes cluster
          restartPolicy: OnFailure