Skip to content

Commit

Permalink
add jhub apps service account with admin permissions
Browse files Browse the repository at this point in the history
  • Loading branch information
@Adam-D-Lewis
Adam-D-Lewis committed Jan 20, 2025
1 parent b42a903 commit 6bc13de
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 0 deletions.
21 changes: 21 additions & 0 deletions ...nebari/stages/kubernetes_services/template/modules/kubernetes/services/jupyterhub/main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ locals {
userscheduler_nodeselector_value = var.general-node-group.value
}


resource "kubernetes_secret" "jhub_apps_secrets" {
metadata {
name = local.jhub_apps_secrets_name
Expand All @@ -36,6 +37,26 @@ resource "kubernetes_secret" "jhub_apps_secrets" {
type = "Opaque"
}

resource "keycloak_user" "jhub_apps_service_account" {
realm_id = var.realm_id
username = "jhub-apps-sa"
# email = "jhub-apps-sa@${var.external-url}"
enabled = true # not sure if they need to be enabled, TODO: check
}

data "keycloak_group" "admin_group" {
realm_id = var.realm_id
name = "admin"
}


resource "keycloak_user_groups" "jhub_apps_service_account_groups" {
realm_id = var.realm_id
user_id = keycloak_user.jhub_apps_service_account.id
group_ids = [data.keycloak_group.admin_group.id]
exhaustive = true # remove all other groups
}

locals {
jupyterhub_env_vars = [
{
Expand Down
9 changes: 9 additions & 0 deletions ...ri/stages/kubernetes_services/template/modules/kubernetes/services/jupyterhub/versions.tf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
terraform {
required_providers {
keycloak = {
source = "mrparkers/keycloak"
version = "3.7.0"
}
}
required_version = ">= 1.0"
}

0 comments on commit 6bc13de

Please sign in to comment.