chore(jupyterhub): create JupyterHub vault token on each deploy

2025-09-03 10:19:11 +09:00
parent ac8d47c619
commit 4264877786
1 changed files with 4 additions and 6 deletions
--- a/jupyterhub/justfile
+++ b/jupyterhub/justfile
@@ -107,11 +107,9 @@ install:
        kubectl apply -n ${JUPYTERHUB_NAMESPACE} -f nfs-pvc.yaml
    fi

-    # Create or get JupyterHub Vault token before gomplate
-    if ! just vault::exist jupyterhub/vault-token &>/dev/null; then
-        echo "Creating JupyterHub Vault token..."
+    # Always create new JupyterHub Vault token on deployment
+    echo "Creating new JupyterHub Vault token for this deployment..."
    just create-jupyterhub-vault-token
-    fi
    export JUPYTERHUB_VAULT_TOKEN=$(just vault::get jupyterhub/vault-token token)

    # https://z2jh.jupyter.org/en/stable/
@@ -209,7 +207,7 @@ setup-vault-jwt-auth:
    echo "  # Each user gets their own isolated Vault token and policy"

 # Create JupyterHub Vault token (uses admin policy for JWT operations)
-create-jupyterhub-vault-token ttl="720h":
+create-jupyterhub-vault-token ttl="8760h":
    #!/bin/bash
    set -euo pipefail
    echo "Creating JupyterHub Vault token with admin policy..."