Access from laptop¶
This guide will take you through the required tools and permissions that need to be in place for you to be able to operate your own NAIS application directly from your laptop.
Set up a team¶
The primary unit of access is a team, whose origin lies in NAIS teams. Each team is given its own namespace with the same name as the team. The team will have unrestricted access to all Kubernetes assets in that namespace.
See creating a new team to get started with teams. After creating a new team, you should have access to all clusters.
You're probably part of an existing team
If this is your first time here, chances are that you're already part of a team in the context of NAIS. Please speak with your colleagues in order to figure this out. You can also log in to NAIS console and check.
naisdevice ensures that your laptop meets NAVs requirements before allowing access to internal resources such as our NAIS clusters. Install by following the naisdevice installation guide.
nais-cli is a simple CLI application that developers in NAV can use. Install by following the nais-cli installation guide.
kubectl is a command-line tool used to manage your Kubernetes resources.
kubectl´s official documentation for instructions on how to install the binaries.
brew to manage
kubectl will make it troublesome to be within the version skew, as it's hard to downgrade
kubectl to older versions.
Therefor we recommend installing
kubectl manually, or through tools like asdf.
kubectl tool uses a
kubeconfig file to get the information it needs in order to connect to a cluster.
We provide the command nais kubeconfig to set up the necessary clusters.
kubectl will by default look for a file named
config in the
If you have configured
If you have configured
kubectl before, ensure you have updated
nais-cli and run
nais kubeconfig --clean.
Google Cloud Platform (GCP)¶
Before following these steps, make sure your team is enabled for Google Cloud Platform.
You will also need to perform a self-service step to synchronize your user from Azure AD to Google Cloud Platform. This can be done by following these steps:
- Login to My Apps > Add Application
- Locate "Google Cloud Platform", and click on the icon
After you have done this your user will be synced to Google Cloud Platform. The sync is not instantaneous, but usually does not take more than a few minutes.
First you need to install
gcloud following the instructions for your platform.
Once installed, you need to authenticate with Google using your NAV e-mail.
You will also need to install a plugin in order to authenticate to the Kubernetes clusters:
Then, select a cluster:
And verify that you're connected:
Before accessing on-premise clusters, you need to install
When connecting to on-premise clusters, you need to authenticate with Azure AD.
When prompted like above, go to the address and enter the code.
You then log in with your NAV e-mail and password.
kubectl will update your
kubeconfig-file with the tokens needed to gain access to the cluster.
- kubectx - Simplifies changing cluster and namespace context.
- kubeaware - Visualize which cluster and namespace is currently active.
- Starship - Visualize which cluster and namespace is currently active in your terminal prompt, amongst many other things. Kubernetes specific config
- emacs-kubectx-mode - Switch kubectl context and namespace in Emacs and display current setting in mode line.