NAIS Job example YAML¶
This is a complete example of an Naisjob
resource.
For an in-depth explanation of each field, head over to the reference documentation.
apiVersion: nais.io/v1
kind: Naisjob
metadata:
creationTimestamp: null
labels:
team: myteam
name: myjob
namespace: myteam
spec:
accessPolicy:
inbound:
rules:
- application: app1
- application: app2
namespace: q1
- application: app3
cluster: dev-gcp
namespace: q2
- application: '*'
namespace: q3
- application: app4
permissions:
scopes:
- custom-scope
- application: app5
permissions:
roles:
- custom-role
- application: app6
permissions:
roles:
- custom-role
scopes:
- custom-scope
outbound:
external:
- host: external-application.example.com
- host: non-http-service.example.com
ports:
- port: 9200
rules:
- application: app1
- application: app2
namespace: q1
- application: app3
cluster: dev-gcp
namespace: q2
- application: '*'
namespace: q3
activeDeadlineSeconds: 60
azure:
application:
allowAllUsers: true
claims:
groups:
- id: 00000000-0000-0000-0000-000000000000
enabled: true
backoffLimit: 5
command:
- /app/myapplication
- --param
- value
- --other-param
- other-value
completions: 1
concurrencyPolicy: Allow
env:
- name: MY_CUSTOM_VAR
value: some_value
- name: MY_APPLICATION_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
envFrom:
- secret: my-secret-with-envs
- configmap: my-configmap-with-envs
failedJobsHistoryLimit: 2
filesFrom:
- configmap: example-files-configmap
mountPath: /var/run/configmaps
- mountPath: /var/run/secrets
secret: my-secret-file
- emptyDir:
medium: Memory
mountPath: /var/cache
- mountPath: /var/run/pvc
persistentVolumeClaim: pvc-name
gcp:
bigQueryDatasets:
- cascadingDelete: true
description: Contains big data, supporting big queries, for use in big ideas.
name: my_bigquery_dataset1
permission: READWRITE
- description: Contains big data, supporting big queries, for use in big ideas.
name: my_bigquery_dataset2
permission: READ
buckets:
- cascadingDelete: true
lifecycleCondition:
age: 10
createdBefore: "2020-01-01"
numNewerVersions: 2
withState: ARCHIVED
name: my-cloud-storage-bucket
publicAccessPrevention: true
retentionPeriodDays: 30
uniformBucketLevelAccess: true
permissions:
- resource:
apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
kind: Project
name: myteam-dev-ab23
role: roles/cloudsql.client
sqlInstances:
- autoBackupHour: 1
cascadingDelete: true
collation: nb_NO.UTF8
databases:
- envVarPrefix: DB
name: mydatabase
users:
- name: extra_user
diskAutoresize: true
diskAutoresizeLimit: 60
diskSize: 30
diskType: SSD
flags:
- name: max_connections
value: "50"
highAvailability: true
insights:
enabled: true
queryStringLength: 4500
recordApplicationTags: true
recordClientAddress: true
maintenance:
day: 1
hour: 4
name: myinstance
pointInTimeRecovery: true
retainedBackups: 14
tier: db-f1-micro
transactionLogRetentionDays: 3
type: POSTGRES_12
image: navikt/testapp:69.0.0
influx:
instance: influx-instance
kafka:
pool: nav-dev
streams: true
liveness:
failureThreshold: 10
initialDelay: 20
path: /isalive
periodSeconds: 5
port: 8080
timeout: 1
logformat: accesslog_with_referer_useragent
logtransform: http_loglevel
maskinporten:
enabled: true
scopes:
consumes:
- name: skatt:scope.read
exposes:
- accessibleForAll: true
allowedIntegrations:
- maskinporten
atMaxAge: 30
consumers:
- name: KST
orgno: "123456789"
delegationSource: delegation-source
enabled: true
name: scope.read
product: arbeid
separator: ':'
observability:
autoInstrumentation:
destinations:
- id: my-destination
enabled: true
runtime: java
logging:
destinations:
- id: my-destination
enabled: true
tracing:
enabled: true
openSearch:
access: readwrite
instance: my-open-search-instance
parallelism: 1
preStopHook:
exec:
command:
- ./my
- --shell
- script
http:
path: /internal/stop
port: 8080
readiness:
failureThreshold: 10
initialDelay: 20
path: /isready
periodSeconds: 5
port: 8080
timeout: 1
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 200m
memory: 256Mi
restartPolicy: Never
schedule: '*/15 0 0 0 0'
secureLogs:
enabled: true
skipCaBundle: true
startup:
failureThreshold: 10
initialDelay: 20
path: /started
periodSeconds: 5
port: 8080
timeout: 1
successfulJobsHistoryLimit: 2
terminationGracePeriodSeconds: 60
timeZone: Europe/Oslo
ttlSecondsAfterFinished: 60
vault:
enabled: true
paths:
- format: env
kvPath: /kv/preprod/fss/application/namespace
mountPath: /var/run/secrets/nais.io/vault
webproxy: true
status: {}