workloads
21 pagesAccess policy reference
The following hosts are by default accessible for every workload: You do not need to specify these hosts in your access policies.
Application
A Nais application lets you run one or more instances of a container image. An application is defined by its application manifest, which is a YAML file that describes how the application should beβ¦
Communicate with other workloads
This guide shows you how to communicate with other workloads inside the same environment or cluster via service discovery.
Container security
The following settings are applied to all containers running in Nais: To override these settings, see the following how-to guides:
Debugging workloads
A useful place to start when you have problems getting your pods running is the troubleshooting guide.
Default workload variables
These environment variables will be injected into your workload container
Disable read-only file system
This how-to shows how to disable read-only root file system in your workloads. Re-deploy your workload to apply the changes.
Environments
This is a overview over the different environments and their available domains. Environments are sometimes also called clusters.
Good practices
This document describes the different properties a Nais application should have. In general, Nais applications should be inspired by the Twelve Factor App manifesto.
Ingress reference
This is the reference documentation for ingresses in Nais. Ingress is the only way to expose your application to the outside world, this is not the recommended way to communicate between applicationsβ¦
Migrating to GCP
Our GCP clusters use a zero trust security model, implying that the application must specify both incoming and outgoing connections in order to receive or send traffic at all. This is expressed usingβ¦
Nais job
A Nais job is used for tasks meant to complete and then exit. This can either run as a one-off task or on a schedule, like a cron job.
Overriding user and group that runs container process
This how-to shows you how to override the default user and group (1069) that will run your container process.
Set up access policies
This guide will show you how to define access policies for your workload. For app <MY-APP> to be able to receive incoming requests from <MY-OTHER-APP> in the same namespace, this specification isβ¦
The runtime environment
Nais provides you with multiple environments for you to run your workloads in. Environments are sometimes also called clusters.
Troubleshooting
When something is wrong with your application, these kubectl commands should be the first things you check out:
Use a secret in your workload
This how-to guide shows you how to reference and use a secret in your workload. A secret can be made available as environment variables or files, or both.
Validation and autocompletion in editors
We expose two JSON schemas intended for use with editors to help the developer experience. These can be used for validation, autocompletion and documentation in supported editors.
Webproxy
In Navs on-premises environments, workloads that need to make external HTTP(S) requests must set webproxy to true in their application spec.
Workloads
A core functionality of Nais is enabling you to run the code you write. We support two types of workloads, applications and jobs.
Zero Trust
Nais embraces the zero trust security model, where the core principle is to "never trust, always verify".