Run mlx-ui as non-root user

[ckadner]

Run the MLX UI container as node user not as root.

Also update to Node 16

Closes: #337

Related: https://github.com/IBM/manifests/pull/43

FYI @Tomcli @yhwang -- this worked on OC on Fyre after undoing the mlx-ui manifest change for adding the emptyDir build-volume. I created a PR #43 on the manifest repo for it.

[mlx-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ckadner

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/machine-learning-exchange/mlx/blob/main/OWNERS)~~ [ckadner] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

[ckadner]

@jbusche

[ckadner]

FYI @Tomcli @yhwang -- this worked on OC on Fyre after undoing the mlx-ui manifest change for adding the build-volume. I created a PR on the manifest repo for it:

https://github.com/IBM/manifests/pull/43

[jbusche]

Tested with @ckadner on a OC 4.10 cluster, looking good:

1. The user remains non-root even after multiple pod restarts:

   oc rsh mlx-ui-5c48666cf7-59hc8
   $ whoami
   node

2. The pod starts correctly:

   
   oc logs -f mlx-ui-5c48666cf7-2cw8m

aiops-frontend@0.1.0 build react-scripts build

Creating an optimized production build... Compiled successfully.

File sizes after gzip:

343.26 KB build/static/js/2.6e8d8be7.chunk.js 62.84 KB build/static/js/main.2854922d.chunk.js 3.84 KB build/static/css/main.265e3da4.chunk.css 2.72 KB build/static/css/2.21151bd0.chunk.css 780 B build/static/js/runtime-main.b8b6e910.js

The project was built assuming it is hosted at ./. You can control this with the homepage field in your package.json.

The build folder is ready to be deployed.

Find out more about deployment here:

bit.ly/CRA-deploy

npm notice npm notice New minor version of npm available! 8.11.0 -> 8.12.1 npm notice Changelog: https://github.com/npm/cli/releases/tag/v8.12.1 npm notice Run npm install -g npm@8.12.1 to update! npm notice [HPM] Proxy created: / -> http://mlx-api Server listening at http://localhost:3000

[yhwang]

question: I thought you want to use package-lock.json to lock all package versions since you update two package-lock.json files. However, when building the docker image, you remove the lock files before calling npm i. I guess it defeats the purpose of updating those package-lock.json files...

[ckadner]

question: I thought you want to use package-lock.json to lock all package versions since you update two package-lock.json files. However, when building the docker image, you remove the lock files before calling npm i. I guess it defeats the purpose of updating those package-lock.json files...

I can remove that. I put that in because the npm install can fail depending on the content of package-lock.json and the version of npm used by the user who last ran the npm install locally (overriding the package-lock.json last checked into VCS) -- in some cases bringing up a npm login prompt. There also have been changes over time in the way the package-lock.json file is being used by npm ... https://stackoverflow.com/questions/44297803/what-is-the-role-of-the-package-lock-json

[yhwang]

when package-lock.json exits, npm i uses the versions in that files. it shouldn't change the lock file unless someone changes package.json and want to rebuild the lock file. my thinking is when using lock files, we should only do npm i

[ckadner]

when package-lock.json exits, npm i uses the versions in that files. it shouldn't change the lock file unless someone changes package.json and want to rebuild the lock file. my thinking is when using lock files, we should only do npm i

Are you referring to npm install (npm i) vs npm ci https://stackoverflow.com/questions/52499617/what-is-the-difference-between-npm-install-and-npm-ci ?

[yhwang]

/lgtm