Use unprivileged alpine container

Dockerfile

@@ -13,7 +13,7 @@ COPY *.js ./
 
 RUN npm run build
 
-FROM bitnami/nginx:1.20 AS production
+FROM nginxinc/nginx-unprivileged:1.20-alpine AS production
 
-COPY --from=build-stage /app/build /app
+COPY --from=build-stage /app/build /usr/share/nginx/html
 EXPOSE 8080

kubernetes/base/deployment.yaml

@@ -18,9 +18,10 @@ spec:
 
     spec:
       securityContext:
+        fsGroup: 101
+        runAsUser: 101
+        runAsGroup: 101
         runAsNonRoot: true
-        fsGroup: 1001
-        sysctls: []
 
       containers:
         - name: dsm-client
@@ -52,7 +53,3 @@ spec:
             failureThreshold: 3
             successThreshold: 1
             initialDelaySeconds: 5
-
-          securityContext:
-            runAsUser: 1001
-            runAsNonRoot: true