diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 5cd2af2fa49d5b11eaedc0f10a4df63a941d05d9..70b29e8fac366d3901f4156607910ec7920f4e3a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -123,3 +123,19 @@ push-sshd:
   needs:
     - job: build-sshd
       artifacts: true
+
+# crond image:
+
+build-crond:
+  extends: .build
+  variables:
+    CONTEXT: crond
+
+push-crond:
+  extends: .push
+  variables:
+    CONTEXT: crond
+    IMAGE: cron
+  needs:
+    - job: build-crond
+      artifacts: true
diff --git a/crond/.dockerignore b/crond/.dockerignore
new file mode 100644
index 0000000000000000000000000000000000000000..72e8ffc0db8aad71a934dd11e5968bd5109e54b4
--- /dev/null
+++ b/crond/.dockerignore
@@ -0,0 +1 @@
+*
diff --git a/crond/Dockerfile b/crond/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..0becbc9b3aa629fce57e39d595dc656f67e92096
--- /dev/null
+++ b/crond/Dockerfile
@@ -0,0 +1,20 @@
+FROM alpine:3.14 as downloader
+ARG URL=https://github.com/aptible/supercronic/releases/download/v0.1.12/supercronic-linux-amd64
+ARG SHA1SUM=048b95b48b708983effb2e5c935a1ef8483d9e3e
+WORKDIR /tmp
+RUN wget -q $URL && \
+    echo "$SHA1SUM  supercronic-linux-amd64" > sha1.sum && \
+    sha1sum -c sha1.sum && \
+    install -m 755 supercronic-linux-amd64 /usr/local/bin/supersonic && \
+    touch /crontab
+
+FROM alpine:3.14
+COPY --from=downloader /usr/local/bin/supersonic /usr/local/bin/supersonic
+COPY --from=downloader /crontab /crontab
+WORKDIR /tmp
+USER nobody
+CMD [ "supersonic", "/crontab" ]
+HEALTHCHECK CMD pgrep supersonic
+RUN supersonic -test /crontab
+ONBUILD COPY crontab /crontab
+ONBUILD RUN supersonic -test /crontab
diff --git a/crond/README.md b/crond/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..67191b3cbd9e9b1b2a1245670a904db284c92a7e
--- /dev/null
+++ b/crond/README.md
@@ -0,0 +1,29 @@
+# Cron docker
+
+A Docker image for running a Cron daemon, actually running
+[Supersonic](https://github.com/aptible/supercronic).
+
+## Usage
+
+There are possible usage patterns for this image. The first is using it in a
+multi-stage image build as the source of the `supersonic` binary to incorporate
+in your own image like so:
+
+```
+FROM registry.shore.co.il/cron as supersonic
+
+FROM alpine:latest
+COPY --from=supersonic /usr/local/bin/supersonic /usr/local/bin/
+```
+
+The other pattern is building on top of this image to run some periodic tasks.
+The `ONBUILD` commands will copy the crontab file and validate it. Just copy
+whatever scripts and install whatever packages you need, like so:
+
+```
+FROM registry.shore.co.il/cron
+COPY script /usr/local/bin/
+USER root
+RUN apk add --update --no-cache aws-cli
+USER nobody
+```