Wildcard DNS Subdomain Requirement
When you first set up Cloudera Data Science Workbench, you are asked to create a
wildcard DNS entry for the Cloudera Data Science Workbench domain. Cloudera Data Science
Workbench uses these wildcard subdomains (*.cdsw.<your_domain>.com
) to route HTTP requests to engines and services
launched by users.
Every time users launch workloads (session/job/experiment/model) on Cloudera Data Science
Workbench, a new engine is created for each workload. These engines are isolated Docker
containers where users can run code. Each engine is assigned its own unique,
randomly-generated ID, which is saved to the CDSW_ENGINE_ID
environment variables. This ID is also used to create a unique
subdomain for each engine. These subdomains are of the form: <CDSW_ENGINE_ID>.cdsw.<your_domain>.com
.
Assigning a unique subdomain to each engine allows Cloudera Data Science Workbench to:
-
Securely expose interactive session services, such as visualizations, the terminal, and web UIs such as TensorBoard, Shiny, Plotly, and so on;
-
Prevent cross-site scripting (XSS) attacks by securely isolating user-generated content from the Cloudera Data Science Workbench application.
It is important to note that because there is no limit to the number of workloads (i.e. engines) users can launch, Cloudera Data Science Workbench requires the ability to randomly generate large numbers of engine IDs (and their subdomains) on-demand. Therefore, creating a wildcard DNS subdomain is essential for Cloudera Data Science Workbench to function successfully.
Additionally, if you want to enable TLS for your
deployment, your TLS certificate will need to include both, the
Cloudera Data Science Workbench domain, as well as the wildcard for
all first-level subdomains. This is required so that your browser can
trust communications with the
<CDSW_ENGINE_ID>.cdsw.<your_domain>.com
subdomains.