feat(helm): added CRON jobs to helm charts (#1107)

Author: waleedlatif1

helm/sim/README.md

@@ -314,6 +314,42 @@ The following table lists the configurable parameters and their default values.
 | `migrations.podSecurityContext` | Migrations pod security context | `fsGroup: 1001` |
 | `migrations.securityContext` | Migrations container security context | `runAsNonRoot: true, runAsUser: 1001` |
 
+### CronJob Parameters
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `cronjobs.enabled` | Enable all scheduled cron jobs | `true` |
+| `cronjobs.image.repository` | CronJob image repository for HTTP requests | `curlimages/curl` |
+| `cronjobs.image.tag` | CronJob image tag | `8.5.0` |
+| `cronjobs.image.pullPolicy` | CronJob image pull policy | `IfNotPresent` |
+| `cronjobs.resources` | CronJob resource limits and requests | See values.yaml |
+| `cronjobs.restartPolicy` | CronJob pod restart policy | `OnFailure` |
+| `cronjobs.activeDeadlineSeconds` | CronJob active deadline in seconds | `300` |
+| `cronjobs.startingDeadlineSeconds` | CronJob starting deadline in seconds | `60` |
+| `cronjobs.podSecurityContext` | CronJob pod security context | `fsGroup: 1001` |
+| `cronjobs.securityContext` | CronJob container security context | `runAsNonRoot: true, runAsUser: 1001` |
+| `cronjobs.jobs.scheduleExecution.enabled` | Enable schedule execution cron job | `true` |
+| `cronjobs.jobs.scheduleExecution.name` | Schedule execution job name | `schedule-execution` |
+| `cronjobs.jobs.scheduleExecution.schedule` | Schedule execution cron schedule | `"*/1 * * * *"` |
+| `cronjobs.jobs.scheduleExecution.path` | Schedule execution API path | `"/api/schedules/execute"` |
+| `cronjobs.jobs.scheduleExecution.concurrencyPolicy` | Schedule execution concurrency policy | `Forbid` |
+| `cronjobs.jobs.scheduleExecution.successfulJobsHistoryLimit` | Schedule execution successful jobs history | `3` |
+| `cronjobs.jobs.scheduleExecution.failedJobsHistoryLimit` | Schedule execution failed jobs history | `1` |
+| `cronjobs.jobs.gmailWebhookPoll.enabled` | Enable Gmail webhook polling cron job | `true` |
+| `cronjobs.jobs.gmailWebhookPoll.name` | Gmail webhook polling job name | `gmail-webhook-poll` |
+| `cronjobs.jobs.gmailWebhookPoll.schedule` | Gmail webhook polling cron schedule | `"*/1 * * * *"` |
+| `cronjobs.jobs.gmailWebhookPoll.path` | Gmail webhook polling API path | `"/api/webhooks/poll/gmail"` |
+| `cronjobs.jobs.gmailWebhookPoll.concurrencyPolicy` | Gmail webhook polling concurrency policy | `Forbid` |
+| `cronjobs.jobs.gmailWebhookPoll.successfulJobsHistoryLimit` | Gmail webhook polling successful jobs history | `3` |
+| `cronjobs.jobs.gmailWebhookPoll.failedJobsHistoryLimit` | Gmail webhook polling failed jobs history | `1` |
+| `cronjobs.jobs.outlookWebhookPoll.enabled` | Enable Outlook webhook polling cron job | `true` |
+| `cronjobs.jobs.outlookWebhookPoll.name` | Outlook webhook polling job name | `outlook-webhook-poll` |
+| `cronjobs.jobs.outlookWebhookPoll.schedule` | Outlook webhook polling cron schedule | `"*/1 * * * *"` |
+| `cronjobs.jobs.outlookWebhookPoll.path` | Outlook webhook polling API path | `"/api/webhooks/poll/outlook"` |
+| `cronjobs.jobs.outlookWebhookPoll.concurrencyPolicy` | Outlook webhook polling concurrency policy | `Forbid` |
+| `cronjobs.jobs.outlookWebhookPoll.successfulJobsHistoryLimit` | Outlook webhook polling successful jobs history | `3` |
+| `cronjobs.jobs.outlookWebhookPoll.failedJobsHistoryLimit` | Outlook webhook polling failed jobs history | `1` |
+
 ### Shared Storage Parameters
 
 | Parameter | Description | Default |
@@ -509,6 +545,46 @@ This creates network policies that:
 - Permit DNS resolution and HTTPS egress
 - Support custom ingress/egress rules
 
+### CronJobs for Scheduled Tasks
+
+Enable automated scheduled tasks functionality:
+
+```yaml
+cronjobs:
+  enabled: true
+  
+  # Customize individual jobs
+  jobs:
+    scheduleExecution:
+      enabled: true
+      schedule: "*/1 * * * *"  # Every minute
+    
+    gmailWebhookPoll:
+      enabled: true
+      schedule: "*/1 * * * *"  # Every minute
+    
+    outlookWebhookPoll:
+      enabled: true
+      schedule: "*/1 * * * *"  # Every minute
+    
+      
+  # Global job configuration
+  resources:
+    limits:
+      memory: "256Mi"
+      cpu: "200m"
+    requests:
+      memory: "128Mi"
+      cpu: "100m"
+```
+
+This creates Kubernetes CronJob resources that:
+- Execute HTTP requests to your application's API endpoints
+- Handle retries and error logging automatically
+- Use minimal resources with curl-based containers
+- Support individual enable/disable per job
+- Follow Kubernetes security best practices
+
 ### High Availability
 
 Configure pod disruption budgets and anti-affinity:

helm/sim/templates/cronjobs.yaml

@@ -0,0 +1,90 @@
+{{- if .Values.cronjobs.enabled }}
+{{- range $jobKey, $jobConfig := .Values.cronjobs.jobs }}
+{{- if $jobConfig.enabled }}
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: {{ include "sim.fullname" $ }}-{{ $jobConfig.name }}
+  labels:
+    {{- include "sim.labels" $ | nindent 4 }}
+    app.kubernetes.io/component: cronjob-{{ $jobConfig.name }}
+spec:
+  schedule: {{ $jobConfig.schedule | quote }}
+  concurrencyPolicy: {{ $jobConfig.concurrencyPolicy | default "Forbid" }}
+  successfulJobsHistoryLimit: {{ $jobConfig.successfulJobsHistoryLimit | default 3 }}
+  failedJobsHistoryLimit: {{ $jobConfig.failedJobsHistoryLimit | default 1 }}
+  {{- with $.Values.cronjobs.startingDeadlineSeconds }}
+  startingDeadlineSeconds: {{ . }}
+  {{- end }}
+  jobTemplate:
+    spec:
+      {{- with $.Values.cronjobs.activeDeadlineSeconds }}
+      activeDeadlineSeconds: {{ . }}
+      {{- end }}
+      template:
+        metadata:
+          labels:
+            {{- include "sim.selectorLabels" $ | nindent 12 }}
+            app.kubernetes.io/component: cronjob-{{ $jobConfig.name }}
+        spec:
+          restartPolicy: {{ $.Values.cronjobs.restartPolicy | default "OnFailure" }}
+          {{- with $.Values.cronjobs.podSecurityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          containers:
+          - name: {{ $jobConfig.name }}
+            image: "{{ $.Values.cronjobs.image.repository }}:{{ $.Values.cronjobs.image.tag }}"
+            imagePullPolicy: {{ $.Values.cronjobs.image.pullPolicy }}
+            {{- with $.Values.cronjobs.securityContext }}
+            securityContext:
+              {{- toYaml . | nindent 14 }}
+            {{- end }}
+            command:
+            - /bin/sh
+            - -c
+            args:
+            - |
+              echo "Starting cron job: {{ $jobConfig.name }}"
+              echo "Making HTTP request to {{ $jobConfig.path }}"
+              
+              # Determine the service URL (use internal service regardless of ingress)
+              SERVICE_URL="http://{{ include "sim.fullname" $ }}-app:{{ $.Values.app.service.port }}"
+              
+              # Make the HTTP request with timeout and retry logic
+              for i in $(seq 1 3); do
+                echo "Attempt $i/3"
+                if curl -f -s -S --max-time 60 --retry 2 --retry-delay 5 \
+                  -H "Content-Type: application/json" \
+                  -H "User-Agent: Kubernetes-CronJob/{{ $jobConfig.name }}" \
+                  "$SERVICE_URL{{ $jobConfig.path }}"; then
+                  echo "Success: HTTP request completed"
+                  exit 0
+                fi
+                echo "Attempt $i failed, retrying..."
+                sleep 10
+              done
+              echo "Error: All attempts failed"
+              exit 1
+            resources:
+              {{- toYaml $.Values.cronjobs.resources | nindent 14 }}
+          {{- with $.Values.global.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with $.Values.app.nodeSelector }}
+          nodeSelector:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with $.Values.affinity }}
+          affinity:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with $.Values.tolerations }}
+          tolerations:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}

helm/sim/values.yaml

@@ -582,6 +582,68 @@ affinity: {}
 # Tolerations for scheduling on tainted nodes
 tolerations: []
 
+# CronJob configuration for scheduled tasks
+cronjobs:
+  # Enable/disable all cron jobs
+  enabled: true
+  
+  # Individual job configurations
+  jobs:
+    scheduleExecution:
+      enabled: true
+      name: schedule-execution
+      schedule: "*/1 * * * *"
+      path: "/api/schedules/execute"
+      concurrencyPolicy: Forbid
+      successfulJobsHistoryLimit: 3
+      failedJobsHistoryLimit: 1
+      
+    gmailWebhookPoll:
+      enabled: true
+      name: gmail-webhook-poll
+      schedule: "*/1 * * * *"
+      path: "/api/webhooks/poll/gmail"
+      concurrencyPolicy: Forbid
+      successfulJobsHistoryLimit: 3
+      failedJobsHistoryLimit: 1
+      
+    outlookWebhookPoll:
+      enabled: true
+      name: outlook-webhook-poll
+      schedule: "*/1 * * * *"
+      path: "/api/webhooks/poll/outlook"
+      concurrencyPolicy: Forbid
+      successfulJobsHistoryLimit: 3
+      failedJobsHistoryLimit: 1
+      
+
+  # Global CronJob settings
+  image:
+    repository: curlimages/curl
+    tag: 8.5.0
+    pullPolicy: IfNotPresent
+    
+  resources:
+    limits:
+      memory: "128Mi"
+      cpu: "100m"
+    requests:
+      memory: "64Mi"
+      cpu: "50m"
+      
+  restartPolicy: OnFailure
+  activeDeadlineSeconds: 300
+  startingDeadlineSeconds: 60
+  
+  # Pod security context
+  podSecurityContext:
+    fsGroup: 1001
+  
+  # Container security context
+  securityContext:
+    runAsNonRoot: true
+    runAsUser: 1001
+
 # Observability and telemetry configuration
 telemetry:
   # Enable/disable telemetry collection