
NAIS Job example YAML

This is a complete example of a Naisjob resource.

For an in-depth explanation of each field, head over to the reference documentation.

# Exhaustive Naisjob example: every field is populated to illustrate the schema.
# Several values below widen access or delete data; review each one before
# copying it into a real manifest, and drop the fields the job does not need.
apiVersion: nais.io/v1
kind: Naisjob
metadata:
  # NOTE(review): null timestamp looks like an artifact of generating this
  # example; it is not something an author normally sets.
  creationTimestamp: null
  labels:
    team: myteam
  name: myjob
  namespace: myteam
spec:
  accessPolicy:
    # Callers permitted to reach this workload; keep the list as narrow as possible.
    inbound:
      rules:
      - application: app1
      - application: app2
        namespace: q1
      - application: app3
        cluster: dev-gcp
        namespace: q2
      # Wildcard application name scoped to namespace q3: anything deployed
      # there is allowed. Prefer naming each caller explicitly.
      - application: '*'
        namespace: q3
      # The next three rules attach custom scopes and/or roles to a named caller.
      - application: app4
        permissions:
          scopes:
          - custom-scope
      - application: app5
        permissions:
          roles:
          - custom-role
      - application: app6
        permissions:
          roles:
          - custom-role
          scopes:
          - custom-scope
    # Destinations this workload may call.
    outbound:
      external:
      - host: external-application.example.com
      # Explicit port listed for a host named as a non-HTTP service.
      - host: non-http-service.example.com
        ports:
        - port: 9200
      rules:
      - application: app1
      - application: app2
        namespace: q1
      - application: app3
        cluster: dev-gcp
        namespace: q2
      # Same wildcard as on the inbound side: any application in q3.
      - application: '*'
        namespace: q3
  activeDeadlineSeconds: 60
  azure:
    application:
      # NOTE(review): presumably opens the application to every user in the
      # tenant, not only the group listed under claims; confirm against the
      # reference and prefer group-based access.
      allowAllUsers: true
      claims:
        groups:
        # All-zero UUID is a placeholder group id.
        - id: 00000000-0000-0000-0000-000000000000
      enabled: true
  backoffLimit: 5
  command:
  - /app/myapplication
  - --param
  - value
  - --other-param
  - other-value
  completions: 1
  concurrencyPolicy: Allow
  # Literal env values are stored in the manifest in plain text; keep
  # credentials in a secret referenced through envFrom or filesFrom instead.
  env:
  - name: MY_CUSTOM_VAR
    value: some_value
  - name: MY_APPLICATION_NAME
    valueFrom:
      fieldRef:
        fieldPath: metadata.name
  # Entries of the named secret and configmap are loaded as environment variables.
  envFrom:
  - secret: my-secret-with-envs
  - configmap: my-configmap-with-envs
  failedJobsHistoryLimit: 2
  # Each entry is mounted as files at its mountPath.
  filesFrom:
  - configmap: example-files-configmap
    mountPath: /var/run/configmaps
  # Secret contents become readable files under /var/run/secrets.
  - mountPath: /var/run/secrets
    secret: my-secret-file
  # Memory-backed emptyDir (tmpfs in Kubernetes); what is written here counts
  # toward the container's memory limit.
  - emptyDir:
      medium: Memory
    mountPath: /var/cache
  - mountPath: /var/run/pvc
    persistentVolumeClaim: pvc-name
  gcp:
    bigQueryDatasets:
    # NOTE(review): cascadingDelete presumably removes the dataset and its data
    # together with the job; treat as destructive and confirm before enabling.
    - cascadingDelete: true
      description: Contains big data, supporting big queries, for use in big ideas.
      name: my_bigquery_dataset1
      # Grant READWRITE only when the job has to write; READ is shown below.
      permission: READWRITE
    - description: Contains big data, supporting big queries, for use in big ideas.
      name: my_bigquery_dataset2
      permission: READ
    buckets:
    # NOTE(review): same destructive cascadingDelete flag, here on a storage bucket.
    - cascadingDelete: true
      lifecycleCondition:
        age: 10
        # Quoted so the date stays a string rather than being parsed as a date.
        createdBefore: "2020-01-01"
        numNewerVersions: 2
        withState: ARCHIVED
      name: my-cloud-storage-bucket
      # NOTE(review): publicAccessPrevention and uniformBucketLevelAccess
      # presumably map to the Cloud Storage settings of the same names (no
      # public exposure, IAM-only access control); keep both enabled.
      publicAccessPrevention: true
      retentionPeriodDays: 30
      uniformBucketLevelAccess: true
    # IAM role bound on a whole project; choose the narrowest role and resource
    # that the job needs.
    permissions:
    - resource:
        apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
        kind: Project
        name: myteam-dev-ab23
      role: roles/cloudsql.client
    sqlInstances:
    - autoBackupHour: 1
      # NOTE(review): on a SQL instance cascadingDelete presumably deletes the
      # server and all of its data with the job; confirm before enabling.
      cascadingDelete: true
      collation: nb_NO.UTF8
      databases:
      - envVarPrefix: DB
        name: mydatabase
        users:
        - name: extra_user
      diskAutoresize: true
      diskAutoresizeLimit: 60
      diskSize: 30
      diskType: SSD
      flags:
      - name: max_connections
        # Quoted: the flag value is passed as a string.
        value: "50"
      highAvailability: true
      # Insights records query text (up to queryStringLength), application tags
      # and client addresses; check that this fits the data-handling rules for
      # the database.
      insights:
        enabled: true
        queryStringLength: 4500
        recordApplicationTags: true
        recordClientAddress: true
      maintenance:
        day: 1
        hour: 4
      name: myinstance
      pointInTimeRecovery: true
      retainedBackups: 14
      tier: db-f1-micro
      transactionLogRetentionDays: 3
      # NOTE(review): confirm this engine version is still supported before reuse.
      type: POSTGRES_12
  # Image is referenced by tag, which can be re-pointed; pinning by digest
  # (navikt/testapp@sha256:<digest>) makes the deployed artifact verifiable.
  image: navikt/testapp:69.0.0
  influx:
    instance: influx-instance
  kafka:
    pool: nav-dev
    streams: true
  liveness:
    failureThreshold: 10
    initialDelay: 20
    path: /isalive
    periodSeconds: 5
    port: 8080
    timeout: 1
  logformat: accesslog_with_referer_useragent
  logtransform: http_loglevel
  maskinporten:
    enabled: true
    scopes:
      consumes:
      - name: skatt:scope.read
      exposes:
      # NOTE(review): accessibleForAll presumably lets any organisation request
      # this scope, which would make the consumers list non-restrictive;
      # confirm against the reference and prefer an explicit consumers list.
      - accessibleForAll: true
        allowedIntegrations:
        - maskinporten
        atMaxAge: 30
        consumers:
        - name: KST
          # Quoted so the organisation number stays a string.
          orgno: "123456789"
        delegationSource: delegation-source
        enabled: true
        name: scope.read
        product: arbeid
        separator: ':'
        visibility: public
  observability:
    autoInstrumentation:
      destinations:
      - id: my-destination
      enabled: true
      runtime: java
    logging:
      destinations:
      - id: my-destination
      enabled: true
    tracing:
      enabled: true
  openSearch:
    # Read-write access shown here; request only the access level the job uses.
    access: readwrite
    instance: my-open-search-instance
  parallelism: 1
  # NOTE(review): both exec and http are filled in for illustration; check the
  # reference for whether they may be combined.
  preStopHook:
    exec:
      command:
      - ./my
      - --shell
      - script
    http:
      path: /internal/stop
      port: 8080
  readiness:
    failureThreshold: 10
    initialDelay: 20
    path: /isready
    periodSeconds: 5
    port: 8080
    timeout: 1
  resources:
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 200m
      memory: 256Mi
  restartPolicy: Never
  # NOTE(review): day-of-month and month are 0 here, while standard cron ranges
  # for those fields start at 1; treat this as a placeholder and validate the
  # expression before reuse.
  schedule: '*/15 0 0 0 0'
  # NOTE(review): presumably enables a separate secure-logging path for
  # sensitive log data; see the reference.
  secureLogs:
    enabled: true
  # NOTE(review): presumably skips injection of the platform CA bundle; leave
  # unset unless the image ships its own trust store, and confirm in the reference.
  skipCaBundle: true
  startup:
    failureThreshold: 10
    initialDelay: 20
    path: /started
    periodSeconds: 5
    port: 8080
    timeout: 1
  successfulJobsHistoryLimit: 2
  terminationGracePeriodSeconds: 60
  timeZone: Europe/Oslo
  ttlSecondsAfterFinished: 60
  vault:
    enabled: true
    # Values from kvPath are exposed to the container under mountPath; request
    # only the paths this job has to read.
    paths:
    - format: env
      kvPath: /kv/preprod/fss/application/namespace
      mountPath: /var/run/secrets/nais.io/vault
  # NOTE(review): presumably injects web-proxy settings for outbound traffic;
  # confirm against the reference.
  webproxy: true
# NOTE(review): empty status stanza looks like a generation artifact; status is
# normally written by the controller, not by the author.
status: {}