baschno/buun-stack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore(jupyterhub): create JupyterHub vault token on each deploy

Browse Source
This commit is contained in:
Masaki Yatsu
2025-09-03 10:19:11 +09:00
parent ac8d47c619
commit 4264877786
1 changed files with 4 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
jupyterhub/justfile
View File

@@ -107,11 +107,9 @@ install:
kubectl apply -n ${JUPYTERHUB_NAMESPACE} -f nfs-pvc.yaml kubectl apply -n ${JUPYTERHUB_NAMESPACE} -f nfs-pvc.yaml
fi fi
# Create or get JupyterHub Vault token before gomplate # Always create new JupyterHub Vault token on deployment
if ! just vault::exist jupyterhub/vault-token &>/dev/null; then echo "Creating new JupyterHub Vault token for this deployment..."
echo "Creating JupyterHub Vault token..."
just create-jupyterhub-vault-token just create-jupyterhub-vault-token
fi
export JUPYTERHUB_VAULT_TOKEN=$(just vault::get jupyterhub/vault-token token) export JUPYTERHUB_VAULT_TOKEN=$(just vault::get jupyterhub/vault-token token)
# https://z2jh.jupyter.org/en/stable/ # https://z2jh.jupyter.org/en/stable/
@@ -209,7 +207,7 @@ setup-vault-jwt-auth:
echo " # Each user gets their own isolated Vault token and policy" echo " # Each user gets their own isolated Vault token and policy"
# Create JupyterHub Vault token (uses admin policy for JWT operations) # Create JupyterHub Vault token (uses admin policy for JWT operations)
create-jupyterhub-vault-token ttl="720h": create-jupyterhub-vault-token ttl="8760h":
#!/bin/bash #!/bin/bash
set -euo pipefail set -euo pipefail
echo "Creating JupyterHub Vault token with admin policy..." echo "Creating JupyterHub Vault token with admin policy..."