diff --git a/config/clusters/opensci/sciencecore.values.yaml b/config/clusters/opensci/sciencecore.values.yaml index 1673a6c5f8..c299ff59ed 100644 --- a/config/clusters/opensci/sciencecore.values.yaml +++ b/config/clusters/opensci/sciencecore.values.yaml @@ -1,3 +1,12 @@ +userServiceAccount: + enabled: true + annotations: + eks.amazonaws.com/role-arn: arn:aws:iam::211125293633:role/opensci-sciencecore +adminServiceAccount: + enabled: true + annotations: + eks.amazonaws.com/role-arn: arn:aws:iam::211125293633:role/opensci-sciencecore-admin-sa + jupyterhub: ingress: hosts: @@ -27,7 +36,12 @@ jupyterhub: funded_by: name: "" url: "" + singleuserAdmin: + serviceAccountName: admin-sa singleuser: + extraEnv: + SCRATCH_BUCKET: s3://opensci-scratch-sciencecore/$(JUPYTERHUB_USER) + PERSISTENT_BUCKET: s3://opensci-persistent-sciencecore/$(JUPYTERHUB_USER) profileList: - display_name: "Only Profile Available, this info is not shown in the UI" slug: only-choice diff --git a/terraform/aws/projects/opensci.tfvars b/terraform/aws/projects/opensci.tfvars index 824dc2915e..28e44ab89c 100644 --- a/terraform/aws/projects/opensci.tfvars +++ b/terraform/aws/projects/opensci.tfvars @@ -8,25 +8,28 @@ user_buckets = { "scratch-staging" : { "delete_after" : 7 }, - "scratch" : { + "scratch-sciencecore" : { "delete_after" : 7 }, + "persistent-sciencecore" : { + "delete_after" : null + }, } hub_cloud_permissions = { "staging" : { "user-sa" : { - requestor_pays : true, bucket_admin_access : ["scratch-staging"], - extra_iam_policy : "", }, }, - "prod" : { + "sciencecore" : { "user-sa" : { - requestor_pays : true, - bucket_admin_access : ["scratch"], - extra_iam_policy : "", + bucket_admin_access : ["scratch-sciencecore"], + bucket_readonly_access : ["persistent-sciencecore"], + }, + "admin-sa" : { + bucket_admin_access : ["scratch-sciencecore", "persistent-sciencecore"], }, }, }