diff --git a/Dockerfile b/Dockerfile
index 069d83b..c725ce8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,6 +15,10 @@ FROM nginxinc/nginx-unprivileged:stable-alpine AS prod
 COPY --from=build /app/dist /usr/share/nginx/html
 COPY nginx.conf /etc/nginx/conf.d/default.conf
 
+# Explicitly declare numeric UID 101 (nginx-unprivileged's nginx user) so
+# Kubernetes can verify runAsNonRoot without resolving string usernames.
+USER 101
+
 EXPOSE 8080
 
 HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \