diff --git a/config/clusters/cloudbank/cluster.yaml b/config/clusters/cloudbank/cluster.yaml
index 27fef824cb..43577c6924 100644
--- a/config/clusters/cloudbank/cluster.yaml
+++ b/config/clusters/cloudbank/cluster.yaml
@@ -148,6 +148,14 @@ hubs:
       - common.values.yaml
       - sbcc-dev.values.yaml
       - enc-sbcc-dev.secret.values.yaml
+  - name: elac
+    display_name: "East Los Angeles College"
+    domain: elac.cloudbank.2i2c.cloud
+    helm_chart: basehub
+    helm_chart_values_files:
+      - common.values.yaml
+      - elac.values.yaml
+      - enc-elac.secret.values.yaml
   - name: lacc
     display_name: "Los Angeles City College"
     domain: lacc.cloudbank.2i2c.cloud
diff --git a/config/clusters/cloudbank/elac.values.yaml b/config/clusters/cloudbank/elac.values.yaml
new file mode 100644
index 0000000000..494814680c
--- /dev/null
+++ b/config/clusters/cloudbank/elac.values.yaml
@@ -0,0 +1,68 @@
+jupyterhub:
+  ingress:
+    hosts: [elac.cloudbank.2i2c.cloud]
+    tls:
+      - hosts: [elac.cloudbank.2i2c.cloud]
+        secretName: https-auto-tls
+  custom:
+    2i2c:
+      add_staff_user_ids_to_admin_users: true
+      add_staff_user_ids_of_type: "github"
+    homepage:
+      templateVars:
+        org:
+          name: East Los Angeles College
+          logo_url: https://www.elac.edu/sites/elac.edu/files/elac-logo.svg
+          url: https://www.elac.edu/
+        designed_by:
+          name: 2i2c
+          url: https://2i2c.org
+        operated_by:
+          name: CloudBank
+          url: http://cloudbank.org/
+        funded_by:
+          name: CloudBank
+          url: http://cloudbank.org/
+  hub:
+    config:
+      JupyterHub:
+        authenticator_class: cilogon
+      CILogonOAuthenticator:
+        oauth_callback_url: "https://palomar.cloudbank.2i2c.cloud/hub/oauth_callback"
+        allowed_idps:
+          http://google.com/accounts/o8/id:
+            default: true
+            username_derivation:
+              username_claim: "email"
+      OAuthenticator:
+        # WARNING: Don't use allow_existing_users with config to allow an
+        #          externally managed group of users, such as
+        #          GitHubOAuthenticator.allowed_organizations, as it breaks a
+        #          common expectations for an admin user.
+        #
+        #          The broken expectation is that removing a user from the
+        #          externally managed group implies that the user won't have
+        #          access any more. In practice the user will still have
+        #          access if it had logged in once before, as it then exists
+        #          in JupyterHub's database of users.
+        #
+        allow_existing_users: True
+      Authenticator:
+        # WARNING: Removing a user from admin_users or allowed_users doesn't
+        #          revoke admin status or access.
+        #
+        #          OAuthenticator.allow_existing_users allows any user in the
+        #          JupyterHub database of users able to login. This includes
+        #          any previously logged in user or user previously listed in
+        #          allowed_users or admin_users, as such users are added to
+        #          JupyterHub's database on startup.
+        #
+        #          To revoke admin status or access for a user when
+        #          allow_existing_users is enabled, first remove the user from
+        #          admin_users or allowed_users, then deploy the change, and
+        #          finally revoke the admin status or delete the user via the
+        #          /hub/admin panel.
+        #
+        admin_users:
+          - sean.smorris@berkeley.edu
+          - rrregis@gmail.com
diff --git a/config/clusters/cloudbank/enc-elac.secret.values.yaml b/config/clusters/cloudbank/enc-elac.secret.values.yaml
new file mode 100644
index 0000000000..d2634d730e
--- /dev/null
+++ b/config/clusters/cloudbank/enc-elac.secret.values.yaml
@@ -0,0 +1,20 @@
+jupyterhub:
+    hub:
+        config:
+            CILogonOAuthenticator:
+                client_id: ENC[AES256_GCM,data:cBuFC2bLV5pA85K9L22EcM5h7ZUSASK2y+vOh5grlAyKnqpUgepynWL4mjL5SxVY+zM=,iv:Xhy+Y3C+zJsibs/W+sPb/hSReQzN8KekOzT5NZceVj4=,tag:JM1r+8A8b1CNXE0TdPzNcg==,type:str]
+                client_secret: ENC[AES256_GCM,data:vt+PnqCXNB27sosc9Xy1Vci4nAFviw+kA/NoNOqy4Zjom42MKGRxfOgJEl4jbxWZPaCliD9H90cKYniFp0dmhQYQSE3HCHXI2Cc/6w1Fg05O+1oRO1Y=,iv:h2Y8NTEk3GToKcUfd+DKQSVFF72RHdsKuP6T9+AnCmk=,tag:5HyGGS9mJSJPXPPZ3JXEZg==,type:str]
+sops:
+    kms: []
+    gcp_kms:
+        - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs
+          created_at: "2024-01-10T00:27:47Z"
+          enc: CiUA4OM7eLfMw3q0WBdHZiBTymDsk+C76sHrwR95zkwZjvq8JjN8EkkAjTWv+vo3ugKpDVeUKrKsmQ2a2VcWkjozp4IxKpOT7g6uOO02UT9uocWKxaS7YkePydtkiVFaHe0L6voF6G9SBPl1yKK9062W
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2024-01-10T00:27:48Z"
+    mac: ENC[AES256_GCM,data:m4vTLeMe9C9wUq8wyDmOz11f1trXBKQ8+rwljVbq4q7iAUuyK12PGbWhcH6Pk7HPmfhlMoEM8wyhbSTwuOf2nrMV5ExpGvYQ63DkIOk9cGYh5MFQEMeX4dNJlbQVkt5D4NjSrzAxjdQINnWcYr8teXQ1zgpTca+qTi8s21qh78I=,iv:nfQvJQYZ0huTCe3UJOa8lLgQTNzfIjqi3B3MB1o5m2k=,tag:Vul6XzPkhV7DUFZobjAo5w==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.1