Skip to content

NAIS Job example YAML

This is a complete example of an Naisjob resource.

apiVersion: nais.io/v1
kind: Naisjob
metadata:
  creationTimestamp: null
  labels:
    team: myteam
  name: myjob
  namespace: myteam
spec:
  accessPolicy:
    inbound:
      rules:
      - application: app1
      - application: app2
        namespace: q1
      - application: app3
        cluster: dev-gcp
        namespace: q2
      - application: '*'
        namespace: q3
    outbound:
      external:
      - host: external-application.example.com
      - host: non-http-service.example.com
        ports:
        - name: kafka
          port: 9200
          protocol: TCP
      rules:
      - application: app1
      - application: app2
        namespace: q1
      - application: app3
        cluster: dev-gcp
        namespace: q2
      - application: '*'
        namespace: q3
  activeDeadlineSeconds: 60
  azure:
    application:
      claims:
        extra:
        - NAVident
        - azp_name
        groups:
        - id: 00000000-0000-0000-0000-000000000000
      enabled: true
      replyURLs:
      - https://myapplication.nav.no/oauth2/callback
      tenant: nav.no
  backoffLimit: 5
  command:
  - /app/myapplication
  - --param
  - value
  - --other-param
  - other-value
  elastic:
    instance: my-elastic-instance
  env:
  - name: MY_CUSTOM_VAR
    value: some_value
  - name: MY_APPLICATION_NAME
    valueFrom:
      fieldRef:
        fieldPath: metadata.name
  envFrom:
  - secret: my-secret-with-envs
  - configmap: my-configmap-with-envs
  failedJobsHistoryLimit: 2
  filesFrom:
  - configmap: example-files-configmap
    mountPath: /var/run/configmaps
  - mountPath: /var/run/secrets
    secret: my-secret-file
  gcp:
    bigQueryDatasets:
    - cascadingDelete: true
      description: Contains big data, supporting big queries, for use in big ideas.
      name: my_bigquery_dataset1
      permission: READWRITE
    - description: Contains big data, supporting big queries, for use in big ideas.
      name: my_bigquery_dataset2
      permission: READ
    buckets:
    - cascadingDelete: true
      lifecycleCondition:
        age: 10
        createdBefore: "2020-01-01"
        numNewerVersions: 2
        withState: ARCHIVED
      name: my-cloud-storage-bucket
      retentionPeriodDays: 30
    permissions:
    - resource:
        apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
        kind: Project
        name: myteam-dev-ab23
      role: roles/cloudsql.client
    sqlInstances:
    - autoBackupHour: 1
      cascadingDelete: true
      collation: nb_NO.UTF8
      databases:
      - envVarPrefix: DB
        name: mydatabase
        users:
        - name: extra_user
      diskAutoresize: true
      diskSize: 30
      diskType: SSD
      highAvailability: true
      maintenance:
        day: 1
        hour: 4
      name: myinstance
      tier: db-f1-micro
      type: POSTGRES_12
  image: navikt/testapp:69.0.0
  kafka:
    pool: nav-dev
  liveness:
    failureThreshold: 10
    initialDelay: 20
    path: /isalive
    periodSeconds: 5
    port: 8080
    timeout: 1
  logformat: accesslog_with_referer_useragent
  logtransform: http_loglevel
  maskinporten:
    enabled: true
    scopes:
      consumes:
      - name: skatt:scope.read
      exposes:
      - allowedIntegrations:
        - maskinporten
        consumers:
        - name: KST
          orgno: "123456789"
        enabled: true
        name: scope.read
        product: arbeid
  preStopHookPath: /internal/stop
  readiness:
    failureThreshold: 10
    initialDelay: 20
    path: /isready
    periodSeconds: 5
    port: 8080
    timeout: 1
  resources:
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 200m
      memory: 256Mi
  schedule: '*/15 0 0 0 0'
  secureLogs:
    enabled: true
  skipCaBundle: true
  startup:
    failureThreshold: 10
    initialDelay: 20
    path: /started
    periodSeconds: 5
    port: 8080
    timeout: 1
  successfulJobsHistoryLimit: 2
  ttlSecondsAfterFinished: 60
  vault:
    enabled: true
    paths:
    - format: env
      kvPath: /kv/preprod/fss/application/namespace
      mountPath: /var/run/secrets/nais.io/vault
    sidecar: true
  webproxy: true
status: {}