diff --git a/deploy/cloud/init.sh b/deploy/cloud/init.sh index 50d5584aa78..05a20d00879 100644 --- a/deploy/cloud/init.sh +++ b/deploy/cloud/init.sh @@ -38,6 +38,7 @@ retryPullImage ghcr.io/labring/sealos-cloud-dbprovider-frontend:latest retryPullImage ghcr.io/labring/sealos-cloud-costcenter-frontend:latest retryPullImage ghcr.io/labring/sealos-cloud-template-frontend:latest retryPullImage ghcr.io/labring/sealos-cloud-license-frontend:latest +retryPullImage ghcr.io/labring/sealos-cloud-cronjob-frontend:latest retryPullImage ghcr.io/labring/sealos-cloud-database-service:latest retryPullImage ghcr.io/labring/sealos-cloud-job-init-controller:latest @@ -56,6 +57,7 @@ sealos save -o tars/frontend-costcenter.tar ghcr.io/labring/sealos-cloud-costcen sealos save -o tars/frontend-applaunchpad.tar ghcr.io/labring/sealos-cloud-applaunchpad-frontend:latest sealos save -o tars/frontend-template.tar ghcr.io/labring/sealos-cloud-template-frontend:latest sealos save -o tars/frontend-license.tar ghcr.io/labring/sealos-cloud-license-frontend:latest +sealos save -o tars/frontend-cronjob.tar ghcr.io/labring/sealos-cloud-cronjob-frontend:latest sealos save -o tars/database-service.tar ghcr.io/labring/sealos-cloud-database-service:latest sealos save -o tars/job-init.tar ghcr.io/labring/sealos-cloud-job-init-controller:latest diff --git a/deploy/cloud/scripts/init.sh b/deploy/cloud/scripts/init.sh index bdb4e6b13e4..dcf7541b37f 100644 --- a/deploy/cloud/scripts/init.sh +++ b/deploy/cloud/scripts/init.sh @@ -120,7 +120,7 @@ function sealos_run_frontend { echo "run desktop frontend" sealos run tars/frontend-desktop.tar \ --env cloudDomain=$cloudDomain \ - --env cloudPort=$cloudPort \ + --env cloudPort="$cloudPort" \ --env certSecretName="wildcard-cert" \ --env passwordEnabled="true" \ --config-file etc/sealos/desktop-config.yaml 
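Review bot: The added `retryPullImage ghcr.io/labring/sealos-cloud-cronjob-frontend:latest` pulls by the mutable `:latest` tag, so the image that ends up in `tars/frontend-cronjob.tar` is whatever the registry serves at build time and cannot be verified or reproduced afterwards. The same applies to the matching `sealos save -o tars/frontend-cronjob.tar ...:latest` line in the second hunk of this file. Consider pinning both to a release tag or digest, e.g. `retryPullImage ghcr.io/labring/sealos-cloud-cronjob-frontend@sha256:<digest>`. The neighbouring lines follow the same `:latest` pattern, so this may be better fixed for the whole list at once.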
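Review bot: `--env cloudDomain=$cloudDomain` on the line directly above the changed one is still unquoted, although this commit quotes `cloudPort` right next to it. A value containing whitespace or glob characters would be split or expanded before `sealos run` sees it. The same unquoted line appears in every `sealos run` block of the two following hunks, including the newly added cronjob block; suggest `--env cloudDomain="$cloudDomain" \` throughout. `sealos_run_frontend` starts and ends outside this hunk.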
@@ -128,25 +128,25 @@ function sealos_run_frontend { echo "run applaunchpad frontend" sealos run tars/frontend-applaunchpad.tar \ --env cloudDomain=$cloudDomain \ - --env cloudPort=$cloudPort \ + --env cloudPort="$cloudPort" \ --env certSecretName="wildcard-cert" echo "run terminal frontend" sealos run tars/frontend-terminal.tar \ --env cloudDomain=$cloudDomain \ - --env cloudPort=$cloudPort \ + --env cloudPort="$cloudPort" \ --env certSecretName="wildcard-cert" echo "run dbprovider frontend" sealos run tars/frontend-dbprovider.tar \ --env cloudDomain=$cloudDomain \ - --env cloudPort=$cloudPort \ + --env cloudPort="$cloudPort" \ --env certSecretName="wildcard-cert" echo "run cost center frontend" sealos run tars/frontend-costcenter.tar \ --env cloudDomain=$cloudDomain \ - --env cloudPort=$cloudPort \ + --env cloudPort="$cloudPort" \ --env certSecretName="wildcard-cert" \ --env transferEnabled="true" \ --env rechargeEnabled="false" @@ -154,22 +154,29 @@ function sealos_run_frontend { echo "run template frontend" sealos run tars/frontend-template.tar \ --env cloudDomain=$cloudDomain \ - --env cloudPort=$cloudPort \ + --env cloudPort="$cloudPort" \ --env certSecretName="wildcard-cert" echo "run license frontend" sealos run tars/frontend-license.tar \ --env cloudDomain=$cloudDomain \ - --env cloudPort=$cloudPort \ - --env certSecretName="wildcard-cert" + --env cloudPort="$cloudPort" \ + --env certSecretName="wildcard-cert" \ --env licensePurchaseDomain="license.sealos.io" + echo "run cronjob frontend" + sealos run tars/frontend-cronjob.tar \ + --env cloudDomain=$cloudDomain \ + --env cloudPort="$cloudPort" \ + --env certSecretName="wildcard-cert" + + echo "run db monitoring" sealos run tars/database-service.tar } function resource_exists { - kubectl get $1 >/dev/null 2>&1 + kubectl get "$1" >/dev/null 2>&1 } diff --git a/frontend/providers/cronjob/Makefile b/frontend/providers/cronjob/Makefile index 0b275121adc..f780130344f 100644 
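Review bot: Quoting `$1` in `resource_exists` changes behaviour for any caller that passes the resource type and name (or a `-n` flag) as a single string, because `kubectl get` then receives one argument instead of several. The callers are outside this hunk, so this needs checking before merge. If any caller relies on the old splitting, `kubectl get "$@" >/dev/null 2>&1` with separately quoted arguments at the call sites keeps the quoting safe without breaking them.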
--- a/frontend/providers/cronjob/Makefile +++ b/frontend/providers/cronjob/Makefile @@ -1,4 +1,4 @@ -SERVICE_NAME=sealos-db-provider +SERVICE_NAME=sealos-cronjob # Image URL to use all building/pushing image targets IMG ?= $(SERVICE_NAME):latest @@ -34,4 +34,4 @@ run: ## Run a dev service from host. .PHONY: docker-build docker-build: ## Build docker image with the desktop-frontend. - docker build -t sealos-db-provider:latest . --network host --build-arg HTTP_PROXY=http://127.0.0.1:7890 --build-arg HTTPS_PROXY=http://127.0.0.1:7890 + docker build -t sealos-cronjob:latest . --network host --build-arg HTTP_PROXY=http://127.0.0.1:7890 --build-arg HTTPS_PROXY=http://127.0.0.1:7890 diff --git a/frontend/providers/cronjob/deploy/Kubefile b/frontend/providers/cronjob/deploy/Kubefile index 376e6184351..d1537f2f426 100644 --- a/frontend/providers/cronjob/deploy/Kubefile +++ b/frontend/providers/cronjob/deploy/Kubefile @@ -6,6 +6,7 @@ COPY registry registry COPY manifests manifests ENV cloudDomain="127.0.0.1.nip.io" +ENV cloudPort="" ENV certSecretName="wildcard-cert" CMD ["kubectl apply -f manifests"] diff --git a/frontend/providers/cronjob/deploy/manifests/ingress.yaml.tmpl b/frontend/providers/cronjob/deploy/manifests/ingress.yaml.tmpl index eac96bad833..5a5cafc76b5 100644 --- a/frontend/providers/cronjob/deploy/manifests/ingress.yaml.tmpl +++ b/frontend/providers/cronjob/deploy/manifests/ingress.yaml.tmpl 
@@ -1,12 +1,32 @@ +# Copyright © 2023 sealos. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/rewrite-target: / + nginx.ingress.kubernetes.io/enable-cors: "true" + nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, DELETE, PATCH, OPTIONS" + nginx.ingress.kubernetes.io/cors-allow-origin: "https://{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }}, https://*.{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }}" + nginx.ingress.kubernetes.io/cors-allow-credentials: "true" + nginx.ingress.kubernetes.io/cors-max-age: "600" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" nginx.ingress.kubernetes.io/configuration-snippet: | more_clear_headers "X-Frame-Options:"; - more_set_headers "Content-Security-Policy: default-src * blob: data: *.{{ .cloudDomain }} {{ .cloudDomain }}; img-src * data: blob: resource: *.{{ .cloudDomain }} {{ .cloudDomain }}; connect-src * wss: blob: resource:; style-src 'self' 'unsafe-inline' blob: *.{{ .cloudDomain }} {{ .cloudDomain }} resource:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.{{ .cloudDomain }} {{ .cloudDomain }} resource: *.baidu.com *.bdstatic.com; frame-src 'self' {{ .cloudDomain }} mailto: tel: weixin: mtt: *.baidu.com; frame-ancestors 'self' https://{{ .cloudDomain }} https://*.{{ .cloudDomain }}"; + more_set_headers "Content-Security-Policy: 
default-src * blob: data: *.{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} {{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }}; img-src * data: blob: resource: *.{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} {{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }}; connect-src * wss: blob: resource:; style-src 'self' 'unsafe-inline' blob: *.{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} {{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} resource:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} {{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} resource: *.baidu.com *.bdstatic.com https://js.stripe.com; frame-src 'self' *.{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} {{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} mailto: tel: weixin: mtt: *.baidu.com https://js.stripe.com; frame-ancestors 'self' https://{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} https://*.{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }}"; more_set_headers "X-Xss-Protection: 1; mode=block"; if ($request_uri ~* \.(js|css|gif|jpe?g|png)) { diff --git a/frontend/providers/license/deploy/manifests/ingress.yaml.tmpl b/frontend/providers/license/deploy/manifests/ingress.yaml.tmpl index 0d129b37f00..bde19a4f49e 100644 --- a/frontend/providers/license/deploy/manifests/ingress.yaml.tmpl +++ b/frontend/providers/license/deploy/manifests/ingress.yaml.tmpl @@ -50,4 +50,4 @@ spec: tls: - hosts: - license.{{ .cloudDomain }} - secretName: wildcard-cert + secretName: {{ .certSecretName }}
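Review bot: The new `cors-allow-origin` value includes `https://*.{{ .cloudDomain }}` together with `cors-allow-credentials: "true"`, so every subdomain of the cloud domain may make credentialed cross-origin requests to the cronjob frontend. If tenant applications are published under subdomains of `cloudDomain` (not visible in this diff), pages controlled by a tenant could read responses fetched with another user's cookies; listing only the specific origins that need access would be safer. The rewritten CSP also adds `https://js.stripe.com` to `script-src` and `frame-src`, which looks carried over from another provider and is worth dropping if the cronjob UI does not load Stripe. The `if ($request_uri ...)` block at the end of the hunk continues outside it.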
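Review bot: `secretName: {{ .certSecretName }}` now depends on the variable being set when the template is rendered. `deploy/cloud/scripts/init.sh` passes it for the license frontend, but the license Kubefile is not part of this diff. Please confirm it declares a default such as `ENV certSecretName="wildcard-cert"`, as the cronjob Kubefile does; otherwise a standalone `sealos run` of this image could render an empty TLS secret name.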