Search documentation

Type to search the documentation

↑↓ to navigate Enter to select Esc to close

Home
Explanations
Tutorials
- Hello Nais
Workloads
- 💡 Explanations
- 🎯 How-To
- 📚 Reference
- Application
  - 💡 Explanations
    
    Exposing your application
  - 🎯 How-To
    
    Create application
    Delete your application
    Expose an application
    Redirect a client
  - 📚 Reference
    
    Nais Application example YAML
    Nais Application reference
    Automatic Scaling
    Ingress reference
- Nais job
  - 🎯 How-To
    
    Create job
    Delete your job
  - 📚 Reference
    
    Nais Job example YAML
    Nais Job reference
Build and deploy
- 🎯 How-To
- 📚 Reference
  - Deploy action configuration
Authentication and authorization
Observability
- 🎯 How-To
  - Get started with auto-instrumentation
- 📚 Reference
  - OpenTelemetry Auto-Instrumentation Configuration
  - Observability Glossary
- Alerting
  - 🎯 How-To
    
    Create alert in Grafana
    Customize Prometheus alerts
    Create alert with Prometheus
  - 📚 Reference
    
    Prometheus Alerting Rule Reference
- Frontend apps
- Logging
  - 🎯 How-To
    
    Access secure logs
    Audit logs
    Disable persistent application logs
    Enable secure logs
    View logs from the command line
    Adding logs to your Grafana dashboard
    Metrics and alerts for logs
    Get started with Grafana Loki
    Create alerts in nav-logs (OpenSearch Dashboards)
    Get started with nav-logs
    Get started with Team Logs
  - 📚 Reference
    
    Log Destinations
    DQL Reference
    LogQL Reference
    Loki Labels Reference
    Loki Metrics Reference
- Metrics
  - 🎯 How-To
    
    Create a dashboard in Grafana
    Expose metrics from your application
    Show Grafana on infoscreen
    Push metrics to Prometheus
  - 📚 Reference
    
    Global Metrics
    Grafana Glossary
    Metrics reference
    OpenTelemetry Metrics
    PromQL Reference
- Distributed Tracing
  - 🎯 How-To
    
    Trace context propagation
    Correlate traces and logs
    Tracing data in Elastic APM
    Get started with Grafana Tempo
  - 📚 Reference
    
    Span Metrics
    OpenTelemetry Trace Semantic Conventions
    TraceQL Reference
- Tutorials
  - Getting Started with Observability in Nais
  - Instrumenting Your Application with OpenTelemetry
Persistent Data Overview
Other services
- CDN
  - 🎯 How-To
    
    Upload assets to the CDN
    Manage CDN assets
  - 📚 Reference
    
    CDN Upload Action
- Secrets
  - 🎯 How-To
    
    Create and manage secrets in Console
    Use a secret in your workload
    Advanced: Secrets with binary data
  - 📚 Reference
- Feature Toggling
- Anti-Virus Scanning
- Leader Election
  - 🎯 How-To
    
    Enable Leader Election
- Vulnerability insights and management
  - 🎯 How-To
    
    Generate SBOM
  - 📚 Reference
Manage your workloads and services
- 🎯 How-To
  - Setup command line access
  - Create a Nais team
- Console
- CLI
  - 🎯 How-To
    
    Install nais-cli
    Troubleshooting nais-cli
  - 📚 Reference
    
    aiven command
    debug command
    device command
    kubeconfig command
    postgres command
    validate command
- naisdevice
  - Explanations
    
    Just In Time Access (JITA)
  - How To
    
    Install Kolide
    Install naisdevice
    Troubleshooting naisdevice
    Uninstall Kolide
    Uninstall naisdevice
    Update naisdevice
Tags
Legal

explanation

51 pages

Alerting

Alerting is a crucial part of observability, and it's the first step in knowing when something is wrong with your application.
Anti-Virus Scanning

Antivirus scanning of files and urls using ClamAV.
Application

A Nais application lets you run one or more instances of a container image. An application is defined by its application manifest, which is a YAML file that describes how the application should be…
Auth concepts

This page describes basic concepts and glossary commonly referred to when working with authentication and authorization.
Authentication and authorization

Services and addons to support authentication and authorization in your applications.
Buckets

A bucket is a storage container for objects. Objects are files that contain data, such as documents, images, videos, and application code.
Build and deploy

To make your application available to others, you need to build and deploy it. Nais attempts to make this as simple as possible by providing a set of composable GitHub Actions.
Cloud SQL credentials

Cloud SQL uses ConfigConnector/CNRM to create and manage all relevant resources (sqldatabase, sqlinstance, sqluser, credentials) for postgreSQL. When creating an application via your nais.yaml the…
Cloud SQL Instance

A Cloud SQL instance is a managed database server provided by Google Cloud Platform. In nais, these are used to provide PostgreSQL databases for your applications.
Cloud SQL Proxy

The application will connect to the database using Cloud SQL Proxy, ensuring that the database communication happens in secure tunnel, authenticated with automatically rotated credentials.
Console

Nais Console is a web-based interface for managing your workloads and services on the Nais platform. It aims to provide a user-friendly way to interact with the platform, without needing to use the…
Content Delivery Network (CDN)

A content delivery network (CDN) serves static content and single-page applications (SPA) in a fast and reliable manner.
Distributed Tracing

Application Performance Monitoring or tracing using Grafana Tempo on Nais.
Entra ID

Entra ID (formerly known as Azure Active Directory, Azure AD or AAD) is a cloud-based identity and access management service provided by Microsoft.
Exposing your application

What good is an application if no one can reach it? Nais tries to make it easy to expose your application to the correct audience. An audience is the set of users or applications that your…
Feature Toggling

Feature toggling is a software development technique that allows you to turn features on and off in your application without deploying new code. This can be useful for testing new features, rolling…
Frontend apps

Nais offers observability tooling for frontend applications. This page describes how to use these offerings.
Good practices

This document describes the different properties a Nais application should have. In general, Nais applications should be inspired by the Twelve Factor App manifesto.
Google Cloud BigQuery Dataset

Google Cloud BigQuery is a service that provides a relational database that is optimized for analytical workloads. It is a good choice for storing data that is relational in nature.
Google Cloud SQL / PostgreSQL

PostgreSQL is a relational database which is a good choice for storing data that is relational in nature. In the nais platform, we use CloudSQL from the Google Cloud Platform to provide managed…
Grants and privileges

When using the nais postgres prepare command, the user is granted some privileges in the database. By default, the user is granted SELECT privileges on all tables and sequences in the default schema.
ID-porten

ID-porten is the standard authentication service used by Norwegian citizens to access public services.
Just In Time Access (JITA)

When you start naisdevice you will not be automatically connected to all the available gateways. In order to reach some of the services you will need to request "just in time access". The purpose of…
Kafka

Kafka is a distributed streaming platform that can be used to publish and subscribe to streams of records. It is a good alternative to synchronous communication between services if you need to decouple services.
Leader Election

With leader election it is possible to have one responsible pod. This can be used to control that only one pod runs a batch-job or similar tasks. This is done by asking the elector container which…
Logging

Logs are a way to understand what is happening in your application. They are usually text-based and are often used for debugging. Since the format of logs is usually not standardized, it can be difficult to query and aggregate logs and thus we recommend using metrics for dashboards and alerting.
Manage your workloads and services

This section covers how to manage your workloads and services on the Nais platform. It describes the different options available, and how to use them.
Maskinporten

Enabling service-to-service authorization between organizations and businesses using Maskinporten.
Metrics

Metrics are a way to measure the state of your application and can be used to create alerts in Prometheus and dashboards in Grafana.
Migrate to new instance

This article desribes what actually happens when you use the nais tools to migrate for a new SQL Instance.
Nais job

A Nais job is used for tasks meant to complete and then exit. This can either run as a one-off task or on a schedule, like a cron job.
naisdevice

naisdevice is a mechanism that lets you connect to services not available on the public internet from your machine.
Observability

Nais offers several methods for monitoring and observing your applications. This page describes the different options and how to use them.
OpenSearch

Nais provides managed search index services through OpenSearch as a drop-in replacement for Elasticsearch.
Persistent Data Overview

Nais offers several storage solutions for storing data. This page describes the different options and how to use them.
Postgres cluster

Postgres is a managed database cluster provided by nais utilizing the Zalando postgres-operator. You manage your cluster by defining a Postgres manifest.
PostgreSQL

PostgreSQL is a relational database which is a good choice for storing data that is relational in nature. In the nais platform, we support zalando postgres-operator to provision managed PostgreSQL…
Responsibilities

This page aims to clarify the responsibilities as relates to data storage using Nais and GCP. Depending on which infrastructure the data is stored on, the responsibilities look slightly different.
Secrets

A secret is a piece of sensitive information that is used in a workload. This can be a password, an API key, or any other information that should not be exposed to the public.
The runtime environment

Nais provides you with multiple environments for you to run your workloads in. Environments are sometimes also called clusters.
The workload image

You application is built into a container image, which we sometimes will call the workload image. For nais to know which image to use for your workload, part of the deploy process includes telling…
Tiered storage

Tiered storage is a way to offload rarely used messages to a cheaper, remote storage. Using tiered storage allow storing more data in a more cost-effective way. New messages can be stored locally on…
TokenX

TokenX is Nais' own implementation of OAuth 2.0 Token Exchange. This allows internal applications to act on behalf of a citizen that originally authenticated with ID-porten, while maintaining the…
Under the hood

In this explanation, we will go through some of the underlying technologies we use to provide Nais. Each environment is its own Kubernetes cluster using Google Kubernetes Engine (GKE).
Valkey

Valkey is a key value database that is used for storing and querying data. It is a good choice for storing data that is not relational in nature and often used for caching.
Vulnerability insights and management

Nais provides what you need to secure your software supply chain and manage vulnerabilities in your workloads.
What is a team?

Everything in Nais is organized around the concept of a team. A Nais team should consist of technical personnel involved with developing and operating the team's workloads and resources.
What is Nais?

Nais is a platform aiming to provide you with the technical capabilities you need to develop and run software in a safe and enjoyable way.
Working with Kafka Offsets

The Kafka offset is the index of the last read message for a consumer. On Aiven Kafka, we retain consumer offsets for a period of 7 days. This is the period recommended by Aiven and the default for…
Workloads

A core functionality of Nais is enabling you to run the code you write. We support two types of workloads, applications and jobs.
Zero Trust

Nais embraces the zero trust security model, where the core principle is to "never trust, always verify".