Teams

Access to a resource in NAIS is based on a label set on the resource called team. In the context of Azure Active Directory a group is the same as a team, and you may already be part of a team that has applications on NAIS.

Every group in AAD has a so-called mailnick/tag, this is what NAIS generally uses to identify teams. When viewing a group, the mailnick is the value before the @ in the email field.

Creating a new team

  • To create a new team, make a pull request to the teams repository on Github

  • The group's owners can manage the group using either outlook or AAD

  • The following resources will be generated for the new team:

nais-teams
  • An Azure AD group is created, and can be viewed in the Azure portal

  • A GitHub team is created.

  • Deploy keys are created, and can be obtained in the NAIS deploy frontend.

  • GCP users are provisioned, and users can log in to the Google Cloud Console using their NAV e-mail address.

  • Two GCP projects are provisioned, one for development and one for production. See https://console.cloud.google.com/home/dashboard?project=<(dev|prod)-yourteamname>.

  • Namespaces are provisioned in all Kubernetes clusters.

Access to API keys

In order to access team API keys, go to deploy.nais.io. Here you will find API keys for all teams you are a member of.

Rotate API key for a team

Go to deploy.nais.io and click on "Create new key" button for

Team namespaces

Team namespaces are supported in both on-prem and in GCP. Refer to the team namespaces documentation for details.