
NAIS Application example YAML

This is a complete example of an Application resource, commonly known as the nais.yaml file.

For an in-depth explanation of each field, head over to the reference documentation.

# Example NAIS Application manifest that sets many optional fields at once.
# Read it as a catalogue of available fields, not as a recommended baseline:
# several values below (wildcard access rules, cascadingDelete, skipCaBundle)
# deserve a deliberate decision before being copied.
apiVersion: nais.io/v1alpha1
kind: Application
metadata:
  # NOTE(review): a null creationTimestamp looks like serializer output rather
  # than something a team writes by hand - confirm whether it can be omitted.
  creationTimestamp: null
  labels:
    # The team label and the namespace carry the same value in this example.
    # NOTE(review): presumably ownership is derived from these - confirm.
    team: myteam
  name: myapplication
  namespace: myteam
spec:
  # accessPolicy names the peers allowed to call this application (inbound)
  # and the destinations this application may call (outbound).
  # NOTE(review): how the policy is enforced is not shown here - confirm
  # against the reference documentation before relying on it as a control.
  accessPolicy:
    inbound:
      rules:
      # No namespace or cluster given.
      # NOTE(review): presumably defaults to this application's own namespace
      # and cluster - confirm.
      - application: app1
      - application: app2
        namespace: q1
      # Rule that also names a cluster, i.e. a caller outside the local one.
      - application: app3
        cluster: dev-gcp
        namespace: q2
      # Wildcard: matches every application in namespace q3. This is the
      # broadest inbound rule in the example; list callers by name wherever
      # the set of callers is known.
      - application: '*'
        namespace: q3
    outbound:
      external:
      # Host with no ports listed.
      # NOTE(review): the default port/protocol is not shown here - confirm.
      - host: external-application.example.com
      # Non-HTTP destination: port and protocol are stated explicitly.
      - host: non-http-service.example.com
        ports:
        - name: kafka
          port: 9200
          protocol: TCP
      rules:
      - application: app1
      - application: app2
        namespace: q1
      - application: app3
        cluster: dev-gcp
        namespace: q2
      # Wildcard again: outbound to any application in namespace q3. Keep
      # egress as narrow as ingress so a compromised pod has fewer places
      # to reach.
      - application: '*'
        namespace: q3
  # Azure AD client configuration for this application.
  azure:
    application:
      claims:
        # Additional claims requested for this client.
        # NOTE(review): presumably added to issued tokens - confirm which
        # token types carry them.
        extra:
        - NAVident
        - azp_name
        # The all-zero UUID is a placeholder; a real manifest lists actual
        # group object ids.
        # NOTE(review): presumably restricts or annotates access by group
        # membership - confirm the exact effect.
        groups:
        - id: 00000000-0000-0000-0000-000000000000
      enabled: true
      # Reply (redirect) URLs registered for the client. Keep this list to
      # the exact https callback URLs the application serves; every extra
      # entry is another place an authorization response can be sent.
      replyURLs:
      - https://myapplication.nav.no/oauth2/callback
      tenant: nav.no
  # Container entrypoint and arguments, one list item per argv element.
  command:
  - /app/myapplication
  - --param
  - value
  - --other-param
  - other-value
  elastic:
    instance: my-elastic-instance
  # Literal values under env are readable by anyone who can read this
  # manifest or the repository holding it; keep credentials out of `value`
  # and reference a secret instead (see envFrom / filesFrom below).
  env:
  - name: MY_CUSTOM_VAR
    value: some_value
  # Value taken from the pod's own metadata rather than a literal.
  - name: MY_APPLICATION_NAME
    valueFrom:
      fieldRef:
        fieldPath: metadata.name
  # Bulk-imports every key of the named secret / configmap as environment
  # variables. Environment variables are inherited by child processes and
  # tend to show up in crash dumps and debug output; prefer file mounts for
  # high-value secrets.
  envFrom:
  - secret: my-secret-with-envs
  - configmap: my-configmap-with-envs
  # Mounts the named configmap / secret as files under mountPath.
  filesFrom:
  - configmap: example-files-configmap
    mountPath: /var/run/configmaps
  - mountPath: /var/run/secrets
    secret: my-secret-file
  # Google Cloud resources requested for this application.
  gcp:
    bigQueryDatasets:
    # NOTE(review): cascadingDelete: true presumably removes the dataset
    # together with the Application resource - confirm, and leave it off for
    # data that must outlive the deployment.
    - cascadingDelete: true
      description: Contains big data, supporting big queries, for use in big ideas.
      name: my_bigquery_dataset1
      permission: READWRITE
    # Second dataset is read-only and does not set cascadingDelete; grant
    # READWRITE only where the application actually writes.
    - description: Contains big data, supporting big queries, for use in big ideas.
      name: my_bigquery_dataset2
      permission: READ
    buckets:
    # NOTE(review): same cascadingDelete concern as for the dataset above.
    - cascadingDelete: true
      lifecycleCondition:
        age: 10
        # Quoted so the date stays a string instead of being parsed as a
        # YAML timestamp.
        createdBefore: "2020-01-01"
        numNewerVersions: 2
        withState: ARCHIVED
      name: my-cloud-storage-bucket
      # NOTE(review): presumably objects cannot be deleted or overwritten
      # before this many days have passed - confirm.
      retentionPeriodDays: 30
    # Extra IAM binding: grants `role` on the referenced resource.
    # NOTE(review): presumably bound to this application's service account -
    # confirm. Keep the role and the resource scope as narrow as the
    # application needs; a project-level binding covers every matching
    # resource in that project.
    permissions:
    - resource:
        apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
        kind: Project
        name: myteam-dev-ab23
      role: roles/cloudsql.client
    sqlInstances:
    - autoBackupHour: 1
      # NOTE(review): presumably deletes the SQL instance and its data with
      # the Application - confirm before enabling outside throwaway setups.
      cascadingDelete: true
      collation: nb_NO.UTF8
      databases:
      # NOTE(review): envVarPrefix presumably prefixes the connection
      # environment variables injected into the pod - confirm which of them
      # hold credentials.
      - envVarPrefix: DB
        name: mydatabase
        users:
        - name: extra_user
      diskAutoresize: true
      diskSize: 30
      diskType: SSD
      highAvailability: true
      maintenance:
        day: 1
        hour: 4
      name: myinstance
      tier: db-f1-micro
      type: POSTGRES_12
  # ID-porten (OIDC login) client configuration.
  idporten:
    # NOTE(review): lifetimes are presumably in seconds (3600 / 7200) -
    # confirm. Shorter lifetimes reduce the window in which a stolen token
    # or session is usable.
    accessTokenLifetime: 3600
    clientURI: https://www.nav.no
    enabled: true
    frontchannelLogoutPath: /oauth2/logout
    frontchannelLogoutURI: https://myapplication.nav.no/oauth2/logout
    # Locations the user may be sent to after logout; keep to known https
    # origins.
    postLogoutRedirectURIs:
    - https://www.nav.no
    redirectPath: /oauth2/callback
    # The callback host here matches the ingress host used elsewhere in this
    # example (myapplication.nav.no).
    redirectURI: https://myapplication.nav.no/oauth2/callback
    sessionLifetime: 7200
  # Image referenced by tag. A tag can be re-pointed at different content in
  # the registry; a digest reference identifies one exact image.
  # NOTE(review): confirm whether the platform accepts digest references.
  image: navikt/testapp:69.0.0
  # Public entry point; https only in this example.
  ingresses:
  - https://myapplication.nav.no
  kafka:
    pool: nav-dev
  leaderElection: true
  # Liveness probe against /isalive on port 8080.
  liveness:
    failureThreshold: 10
    initialDelay: 20
    path: /isalive
    periodSeconds: 5
    port: 8080
    timeout: 1
  # NOTE(review): this format name suggests referer and user-agent are
  # logged; referers can carry query-string data - confirm what is retained.
  logformat: accesslog_with_referer_useragent
  logtransform: http_loglevel
  # Maskinporten (machine-to-machine) scopes.
  maskinporten:
    enabled: true
    scopes:
      # Scopes this application requests from other providers.
      consumes:
      - name: skatt:scope.read
      # Scopes this application offers, with the organisations allowed to
      # request them.
      exposes:
      - allowedIntegrations:
        - maskinporten
        consumers:
        - name: KST
          # Quoted so the organisation number stays a string and is not
          # parsed as an integer.
          orgno: "123456789"
        enabled: true
        name: scope.read
        product: arbeid
  # Port the application container listens on.
  port: 8080
  preStopHookPath: /internal/stop
  prometheus:
    enabled: true
    path: /metrics
    # Quoted string here, while the other port fields in this file are
    # integers.
    # NOTE(review): presumably required by the schema - confirm.
    port: "8080"
  # Readiness probe against /isready on port 8080.
  readiness:
    failureThreshold: 10
    initialDelay: 20
    path: /isready
    periodSeconds: 5
    port: 8080
    timeout: 1
  replicas:
    cpuThresholdPercentage: 50
    max: 4
    min: 2
  # Both requests and limits are set, which bounds what one pod can consume.
  resources:
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 200m
      memory: 256Mi
  # NOTE(review): presumably a separate log destination with tighter access
  # for sensitive entries - confirm who can read it.
  secureLogs:
    enabled: true
  service:
    port: 80
    protocol: http
  # NOTE(review): the name suggests the platform CA bundle is NOT injected
  # when this is true - confirm, and check which trust store the application
  # then uses to validate TLS peers.
  skipCaBundle: true
  # Startup probe against /started on port 8080.
  startup:
    failureThreshold: 10
    initialDelay: 20
    path: /started
    periodSeconds: 5
    port: 8080
    timeout: 1
  strategy:
    type: RollingUpdate
  tokenx:
    enabled: true
    # NOTE(review): the name suggests the TokenX credentials are mounted as
    # files only and not also exported as environment variables - confirm.
    mountSecretsAsFilesOnly: true
  # Vault integration: secrets under kvPath are made available at mountPath.
  vault:
    enabled: true
    paths:
    # NOTE(review): format: env presumably renders the secret as an
    # env-style file - confirm how the application is expected to read it.
    - format: env
      kvPath: /kv/preprod/fss/application/namespace
      mountPath: /var/run/secrets/nais.io/vault
    sidecar: true
  # NOTE(review): presumably injects outbound proxy settings into the pod -
  # confirm, since proxied egress takes a different path than direct calls.
  webproxy: true
# NOTE(review): an empty status looks like serializer output, like
# creationTimestamp: null in metadata - confirm whether it can be omitted.
status: {}