Merge branch 'master' into feature/add-or-remove-ngs

cortexlabs · Jun 16, 2021 · 3bc9d13 · 3bc9d13
2 parents 0068a7d + c21f53b
commit 3bc9d13
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 8 deletions.
diff --git a/cli/cmd/cluster.go b/cli/cmd/cluster.go
@@ -1103,6 +1103,11 @@ func createS3BucketIfNotFound(awsClient *aws.Client, bucket string, tags map[str
 			fmt.Print("\n\n")
 			return err
 		}
+		err = awsClient.EnableBucketEncryption(bucket)
+		if err != nil {
+			fmt.Print("\n\n")
+			return err
+		}
 	} else {
 		fmt.Print("￮ using existing s3 bucket: ", bucket)
 	}

diff --git a/pkg/lib/aws/s3.go b/pkg/lib/aws/s3.go
@@ -376,14 +376,32 @@ func (c *Client) CreateBucket(bucket string) error {
 	return nil
 }
 
+func (c *Client) EnableBucketEncryption(bucket string) error {
+	_, err := c.S3().PutBucketEncryption(&s3.PutBucketEncryptionInput{
+		Bucket: aws.String(bucket),
+		ServerSideEncryptionConfiguration: &s3.ServerSideEncryptionConfiguration{
+			Rules: []*s3.ServerSideEncryptionRule{
+				{
+					ApplyServerSideEncryptionByDefault: &s3.ServerSideEncryptionByDefault{
+						SSEAlgorithm: pointer.String("AES256"),
+					},
+				},
+			},
+		},
+	})
+	if err != nil {
+		return errors.Wrap(err, "enabling encryption for bucket "+bucket)
+	}
+	return nil
+}
+
 func (c *Client) UploadReaderToS3(data io.Reader, bucket string, key string) error {
 	_, err := c.S3Uploader().Upload(&s3manager.UploadInput{
-		Bucket:               aws.String(bucket),
-		Key:                  aws.String(key),
-		Body:                 data,
-		ACL:                  aws.String("private"),
-		ContentDisposition:   aws.String("attachment"),
-		ServerSideEncryption: aws.String("AES256"),
+		Bucket:             aws.String(bucket),
+		Key:                aws.String(key),
+		Body:               data,
+		ACL:                aws.String("private"),
+		ContentDisposition: aws.String("attachment"),
 	})
 
 	if err != nil {

diff --git a/pkg/workloads/k8s.go b/pkg/workloads/k8s.go
@@ -386,9 +386,9 @@ func userPodContainers(api spec.API) ([]kcore.Container, []kcore.Volume) {
 
 		if container.Compute.Inf > 0 {
 			totalHugePages := container.Compute.Inf * _hugePagesMemPerInf
-			containerResourceList["nvidia.com/gpu"] = *kresource.NewQuantity(container.Compute.Inf, kresource.DecimalSI)
+			containerResourceList["aws.amazon.com/neuron"] = *kresource.NewQuantity(container.Compute.Inf, kresource.DecimalSI)
 			containerResourceList["hugepages-2Mi"] = *kresource.NewQuantity(totalHugePages, kresource.BinarySI)
-			containerResourceLimitsList["nvidia.com/gpu"] = *kresource.NewQuantity(container.Compute.Inf, kresource.DecimalSI)
+			containerResourceLimitsList["aws.amazon.com/neuron"] = *kresource.NewQuantity(container.Compute.Inf, kresource.DecimalSI)
 			containerResourceLimitsList["hugepages-2Mi"] = *kresource.NewQuantity(totalHugePages, kresource.BinarySI)
 
 			securityContext.Capabilities = &kcore.Capabilities{