diff --git a/Dockerfile b/Dockerfile
index 3e6eb2d..1693584 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM --platform=$BUILDPLATFORM golang:1.22-alpine3.19 AS builder
+FROM --platform=$BUILDPLATFORM golang:1.22-alpine3.21 AS builder
 RUN apk add alpine-sdk ca-certificates
 
 ARG TARGETOS
@@ -21,7 +21,7 @@ RUN mkdir -p build && \
     go build -mod=vendor -o build/kafka-proxy \
     -ldflags "${LDFLAGS}" .
 
-FROM --platform=$BUILDPLATFORM alpine:3.19
+FROM --platform=$BUILDPLATFORM alpine:3.21
 RUN apk add --no-cache ca-certificates libcap
 RUN adduser \
         --disabled-password \
@@ -29,12 +29,13 @@ RUN adduser \
         --home "/nonexistent" \
         --shell "/sbin/nologin" \
         --no-create-home \
+        --uid 65534 \
         kafka-proxy
 
-COPY --from=builder /go/src/github.com/grepplabs/kafka-proxy/build /opt/kafka-proxy/bin
-RUN setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/kafka-proxy
+COPY --from=builder /go/src/github.com/grepplabs/kafka-proxy/build /usr/local/bin/
+RUN setcap 'cap_net_bind_service=+ep' /usr/local/bin/kafka-proxy
 
 USER kafka-proxy
-ENTRYPOINT ["/opt/kafka-proxy/bin/kafka-proxy"]
+ENTRYPOINT ["kafka-proxy"]
 CMD ["--help"]
 
diff --git a/Dockerfile.all b/Dockerfile.all
index 4fadac3..51f3816 100644
--- a/Dockerfile.all
+++ b/Dockerfile.all
@@ -1,4 +1,4 @@
-FROM --platform=$BUILDPLATFORM golang:1.22-alpine3.19 AS builder
+FROM --platform=$BUILDPLATFORM golang:1.22-alpine3.21 AS builder
 RUN apk add alpine-sdk ca-certificates
 
 ARG TARGETOS
@@ -27,7 +27,7 @@ RUN mkdir -p build && \
     go build -mod=vendor -o build/unsecured-jwt-provider -ldflags "${LDFLAGS}" cmd/plugin-unsecured-jwt-provider/main.go && \
     go build -mod=vendor -o build/oidc-provider -ldflags "${LDFLAGS}" cmd/plugin-oidc-provider/main.go
 
-FROM --platform=$BUILDPLATFORM alpine:3.19
+FROM --platform=$BUILDPLATFORM alpine:3.21
 RUN apk add --no-cache ca-certificates libcap
 RUN adduser \
         --disabled-password \
@@ -35,19 +35,19 @@ RUN adduser \
         --home "/nonexistent" \
         --shell "/sbin/nologin" \
         --no-create-home \
+        --uid 65534 \
         kafka-proxy
 
-COPY --from=builder /go/src/github.com/grepplabs/kafka-proxy/build /opt/kafka-proxy/bin
-RUN setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/kafka-proxy && \
-    setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/auth-user && \
-    setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/auth-ldap && \
-    setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/google-id-provider && \
-    setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/google-id-info && \
-    setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/unsecured-jwt-info && \
-    setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/unsecured-jwt-provider && \
-    setcap 'cap_net_bind_service=+ep' /opt/kafka-proxy/bin/oidc-provider
+COPY --from=builder /go/src/github.com/grepplabs/kafka-proxy/build /usr/local/bin/
+RUN setcap 'cap_net_bind_service=+ep' /usr/local/bin/kafka-proxy && \
+    setcap 'cap_net_bind_service=+ep' /usr/local/bin/auth-user && \
+    setcap 'cap_net_bind_service=+ep' /usr/local/bin/auth-ldap && \
+    setcap 'cap_net_bind_service=+ep' /usr/local/bin/google-id-provider && \
+    setcap 'cap_net_bind_service=+ep' /usr/local/bin/google-id-info && \
+    setcap 'cap_net_bind_service=+ep' /usr/local/bin/unsecured-jwt-info && \
+    setcap 'cap_net_bind_service=+ep' /usr/local/bin/unsecured-jwt-provider && \
+    setcap 'cap_net_bind_service=+ep' /usr/local/bin/oidc-provider
 
 USER kafka-proxy
-ENTRYPOINT ["/opt/kafka-proxy/bin/kafka-proxy"]
+ENTRYPOINT ["kafka-proxy"]
 CMD ["--help"]
-