Thank you @manics for your response! After some trial i am able to use modify_pod_hook as you suggested.
For anyone interested here’s my implementation based on manics input and this post.
hub:
config:
JupyterHub:
authenticator_class: generic-oauth
Authenticator:
enable_auth_state: true
allow_all: true
GenericOAuthenticator:
client_id: jupyterhub
client_secret: SECRET
validate_server_cert: False
oauth_callback_url: http://CALLBACK_URL/hub/oauth_callback
authorize_url: https://KEYCLOAK_URL/realms/data-access-portal/protocol/openid-connect/auth
token_url: https://KEYCLOAK_URL/realms/data-access-portal/protocol/openid-connect/token
userdata_url: https://KEYCLOAK_URL/realms/data-access-portal/protocol/openid-connect/userinfo
login_service: keycloak
username_claim: preferred_username
userdata_params:
state: state
scope:
- openid
extraConfig:
00-first-config: |
def userdata_hook(spawner, auth_state):
spawner.userdata = auth_state['oauth_user']
def modify_pod_hook(spawner, pod):
user = spawner.user.name
group = spawner.userdata.get('CUSTOM', False)
pod.spec.volumes.append({
'name': 'jupyterhub-shared',
'persistentVolumeClaim': {
'claimName': 'efs-persist-ro'
}
})
pod.spec.containers[0].volume_mounts.append({
'name': 'jupyterhub-shared',
'mountPath': f"/home/shared/{group}",
'readOnly': True
})
return pod
c.KubeSpawner.auth_state_hook = userdata_hook
c.KubeSpawner.modify_pod_hook = modify_pod_hook