Job Scheduler — Distributed Cron System

A distributed job scheduler is a foundational infrastructure component that appears in system design interviews at companies building data pipelines, automation platforms, and backend services. The problem requires designing a system that reliably executes tasks at specified times or on recurring cron schedules, scales to thousands of jobs per second, and guarantees that each job runs exactly once even in the presence of failures. This tests a candidate's understanding of leader election, distributed queues, idempotency, and failure recovery.

In production, systems like Airflow, Celery, and Sidekiq power critical business workflows ranging from daily report generation to real-time data pipeline triggers. A large-scale job scheduler at companies like Uber or LinkedIn may coordinate millions of scheduled tasks across thousands of workers. The scheduler must handle both short-lived tasks (sending an email in 100ms) and long-running jobs (generating a multi-hour analytics report) without one type starving the other.

The core challenges include achieving sub-second scheduling precision so that jobs execute within 1 second of their scheduled time, preventing double execution when workers crash and jobs are retried, surviving scheduler node failures without missing scheduled triggers, and providing per-tenant isolation so that one user's workload surge does not delay another user's critical jobs. The scheduler must also maintain a complete execution history so that operators can audit when jobs ran, how long they took, and whether they succeeded or failed.

Candidates are expected to reason about the trade-off between a single-leader scheduler (simple but a potential bottleneck) versus distributed scheduling (scalable but prone to duplicate execution). They should also explain why message queues like Kafka decouple scheduling from execution, and why separate worker pools for short and long jobs prevent head-of-line blocking.

The architecture follows a database-backed queue pattern with a leader-elected scheduler, inspired by production systems like Airflow and Celery. A single JobService handles both the API layer (CRUD for job definitions, status queries, manual triggers) and the scheduling loop. One instance is elected leader via a PostgreSQL advisory lock, and this leader polls the jobs table every second for rows where next_run_at is less than or equal to the current time. Due jobs are pushed to Kafka for reliable, decoupled execution.

The API tier consists of an API Gateway for authentication and per-tenant rate limiting, an Application Load Balancer for traffic distribution, and 6 JobService pods running 80 threads each for 60K sustained RPS capacity. The leader instance runs the scheduler loop in addition to serving API traffic. If the leader dies, another instance acquires the advisory lock within 5-10 seconds and resumes scheduling. The leader creates an execution record with an idempotency key (job_id combined with scheduled_time) before publishing to Kafka, preventing duplicate execution even if the leader fails mid-publish.

The data layer includes PostgreSQL (16 partitions, 2 replicas) as the source of truth for job definitions and execution history, with a time-bucket index on next_run_at for efficient scheduler polling. Redis (2-node ElastiCache cluster) caches recent job execution state with an 80% hit rate, reducing database load for the frequent status-polling queries from monitoring dashboards. The execution queue uses Kafka (32 partitions, 500K msg/sec capacity) to buffer jobs between the scheduler and workers.

Two separate worker pools prevent head-of-line blocking. ShortJobWorker (40 instances) handles tasks under 1 minute such as email sends, webhook calls, and cache invalidations. LongJobWorker (10 instances with higher CPU and memory) handles tasks over 1 minute such as report generation, batch ETL, and database backups. Each worker checks the idempotency key before executing, writes results back to PostgreSQL, and updates the Redis cache. Long workers use heartbeat-based liveness detection so that stalled jobs are re-enqueued for another worker.