search

opea-project / GenAIComps

GenAI components at micro-service level; GenAI service composer to create mega-service
Apache License 2.0
47 stars 101 forks source link

make asr and whisper docker image to launch as nonRoot user #300

Closed lianhao closed 1 month ago

lianhao commented 2 months ago

We should make both ASR and whisper to launch the application as nonRoot user(normally be of uid 1000), just like embedding service does, https://github.com/opea-project/GenAIComps/blob/main/comps/embeddings/langchain/docker/Dockerfile, to increase the security of running container image. Some Kubernetes has the security standard policy that doesn't allow run as root in the container image

For whisper, besides running as the nonRoot user, we should also make model download path writable to that nonRoot user

ZailiWang commented 2 months ago

Hi Lianhao, thanks for the advice, we will look into it.

ZailiWang commented 1 month ago

Close as duplicated with #339.