We should make both ASR and whisper to launch the application as nonRoot user(normally be of uid 1000), just like embedding service does, https://github.com/opea-project/GenAIComps/blob/main/comps/embeddings/langchain/docker/Dockerfile, to increase the security of running container image. Some Kubernetes has the security standard policy that doesn't allow run as root in the container image
For whisper, besides running as the nonRoot user, we should also make model download path writable to that nonRoot user
We should make both ASR and whisper to launch the application as nonRoot user(normally be of uid 1000), just like embedding service does, https://github.com/opea-project/GenAIComps/blob/main/comps/embeddings/langchain/docker/Dockerfile, to increase the security of running container image. Some Kubernetes has the security standard policy that doesn't allow run as root in the container image
For whisper, besides running as the nonRoot user, we should also make model download path writable to that nonRoot user