Support launch as Non-Root user in all published container images

[lianhao]

This is a more generic requirement to all the container images created here. Many Kubernetes clouds have security standard policy that doesn't allow running as root in the container image. So we think it'd be better that the container images that released here, just like the image embedding-tei did, to add the support of running the image as not-root user(normally would be uid 1000).

Normally, we can add the following into the very top of the Dockerfile, i.e.

FROM xxx:yy

# Create a custom user with UID 1000 and GID 1000
RUN groupadd -g 1000 user && useradd -m -u 1000 -g user user

USER user

<rest of your Dockerfile>

The following is a list of Dockerfile which needs to add this support besides ASR/Whisper which is mentioned in issue #300:

$ grep -Lr USER $(find -name "Docker*")
./comps/lvms/llava/Dockerfile_hpu
./comps/lvms/llava/Dockerfile
./comps/lvms/Dockerfile
./comps/tts/speecht5/Dockerfile_hpu
./comps/tts/speecht5/Dockerfile
./comps/tts/Dockerfile
./comps/reranks/langchain-mosec/mosec-docker/Dockerfile
./comps/embeddings/langchain-mosec/mosec-docker/Dockerfile
./comps/web_retrievers/langchain/chroma/docker/Dockerfile
./comps/llms/utils/lm-eval/Dockerfile.cpu
./comps/llms/text-generation/vllm/docker/Dockerfile.hpu
./comps/llms/text-generation/vllm-xft/docker/Dockerfile
./comps/llms/text-generation/ray_serve/docker/Dockerfile.rayserve
./comps/llms/text-generation/vllm-ray/docker/Dockerfile.vllmray
./comps/asr/Dockerfile
./comps/asr/whisper/Dockerfile_hpu
./comps/asr/whisper/Dockerfile

[ZailiWang]

Hi @ZePan110, I drafted #330 per a previous request (#300) adding non-root user for ASR & whisper dockerfiles only. If you have planned to provide a unified update for all the dockerfiles, I'll close my PR.

[ZePan110]

@ZailiWang OK. You can close the PR, I am currently doing this.

[ZePan110]

The issue is solved by https://github.com/opea-project/GenAIComps/pull/406 and https://github.com/opea-project/GenAIComps/pull/460