Override a hub’s domain name#
This guide aims provides an overview of how to override the domain name of a hub and why you may want to do this.
Motivation#
In the past, the engineering team have been asked to provide a temporary, alternative domain name for a hub to make it undiscoverable. This could be for reasons such as:
prevent a class from accessing an educational hub while investigations around cheating are ongoing
make the hub undiscoverable by crypto-miners
Danger
This is generally a temporary fix to rapidly make a hub undiscoverable and should not replace or take priority over processes that more robustly address the above concerns.
How-to guide#
Create a new file with the path
config/clusters/$CLUSTER_NAME/<hub_name>.domain_override.secret.yaml
where<hub_name>
is the name of the hub we are targeting, and$CLUSTER_NAME
is the name of the cluster upon which the hub is running.Note
We have included
secret
in the filename since we will be encrypting this file withsops
so that the new domain name cannot be discovered by someone checking the GitHub repository. However, it is worth noting that our deployment infrastructure does not enforce the domain override file to be encrypted and an unencrypted file can be provided, if necessary.Add the new domain to the new domain override file like so:
domain: ENTER_NEW_DOMAIN_HERE
Note
The new domain still still follow the convention
foo.$CLUSTER_NAME.2i2c.cloud
, butfoo
can be replaced with anything that is not the current top-level domain of the hub. A randomly generated string is probably best to avoid the new domain being guessable.(Optional) Encrypt the file with
sops
.export CLUSTER_NAME=<cluster-name> export HUB_NAME=<hub-name>
sops --output config/clusters/$CLUSTER_NAME/enc-$HUB_NAME.domain_override.secret.yaml --encrypt config/clusters/$CLUSTER_NAME/$HUB_NAME.domain_override.secret.yaml
The file can now be safely committed to the repository.
Update the
cluster.yaml
file to list the domain override file.hubs: ... - name: <hub-name> domain: original.domain.2i2c.cloud domain_override_file: enc-<hub-name>.domain-override.secret.yaml
Note
This filepath is defined relative to the location of the
cluster.yaml
file.Run the deployer for the hub!
deployer deploy $CLUSTER_NAME $HUB_NAME