Typical workflow examples¶
Some examples of daily workflows for guiding unfamiliar Nais members
Note
A caveat right of the bat, is that it should be completely unproblematic to switch tenants in naisdevice and access some resource outside of k8s clusters, before switching back and continuing work with kubectl without touching narc or gcloud.
Critical
Read through privileges and ensure to understand both what user identity you are logging with, as well as what you might want to avoid doing with it or can do in another/better way.
Daily switching between tenants¶
Start the day off with:
- Log in w/naisdevice on the tenant who's cluster you intend to connect to (or NAV tenant if you e.g. wanna check email/calendar)
- Set your google project account to your
@nais.iouser:gcloud config set account <account email> - Log in w/your
@nais.iouser togcloud:gcloud auth login --update-adc <account email>- If not done so before, this is the time to install cluster configs w/
narc, seenarc kubeconfig
- If not done so before, this is the time to install cluster configs w/
- Most likely, at this point, you'd want to execute
narc jita grant adminto allow your@nais.iouser useful access to a tenants' k8s cluster - Ét voila! You should be able to
kubectxto the cluster(s) of your (naisdevice) connected tenant, andkubectlaway
!!!! Note At any point during tho workday you need to access another cluster, switch tenants in naisdevice, and repeat last step of above list.
Testing out some new feature as a tenant's user¶
Typically this is often done in dev-nais.io tenant.
- Get a user for said tenant
- Repeat the steps mentioned in this linked workflow example, but replace the references to
narcwith the equivalentnaiscli's commands.
Todo