diff --git a/k8s/Dockerfile b/k8s/Dockerfile
index 7bc033df1..1e15db52b 100644
--- a/k8s/Dockerfile
+++ b/k8s/Dockerfile
@@ -1,28 +1,20 @@
-FROM --platform=linux/${TARGETARCH} ubuntu:24.04 AS base
+FROM --platform=linux/${TARGETARCH} python:3.12-alpine AS base
 
 ARG TARGETARCH
 
 RUN mkdir /install
 WORKDIR /install
 
-RUN apt-get update && \
-    apt-get install -y software-properties-common curl gnupg
-
-RUN apt-get update \
-    && DEBIAN_FRONTEND="noninteractive" apt-get install -y \
-        debhelper \
-        python3-all \
-        python3-all-dev \
-        python3-dev \
-        python3-pip \
-        python3-setuptools \
-        python3-venv \
-        build-essential \
-        devscripts \
-        equivs \
-        wget \
-        apt-transport-https \
-        ca-certificates
+# Install build dependencies
+RUN apk add --no-cache \
+    make \
+    cmake \
+    gcc \
+    g++ \
+    musl-dev \
+    zlib-dev \
+    openssl-dev \
+    linux-headers
 
 ENV PATH=/root/.local/bin:$PATH
 
@@ -30,24 +22,30 @@ COPY . /build/
 
 # General requirements
 ENV POETRY_VIRTUALENVS_IN_PROJECT=true
-# RUN python3 -m pip install -U pip --break-system-packages && pip3 install --ignore-installed --user poetry==1.8.5 --break-system-packages
-RUN pip3 install --ignore-installed --user poetry==1.8.5 --break-system-packages
+RUN pip install --no-cache-dir poetry==1.8.5
+
+# Install ssh-python separately first
+RUN pip install --no-cache-dir ssh-python==1.1.0
 
 # Build medusa itself so we can add the executables in the final image
 RUN cd /build && poetry build && poetry install
 
 # Could be python:slim, but we have a .sh entrypoint
-FROM --platform=linux/${TARGETARCH} ubuntu:24.04
+FROM --platform=linux/${TARGETARCH} python:3.12-alpine
 
 # Reuse the architecture argument
 ARG TARGETARCH
 
 ## add user
-RUN groupadd -r cassandra --gid=999 && useradd -r -g cassandra --uid=999 --create-home cassandra
+RUN addgroup -S cassandra && adduser -S cassandra -G cassandra
 
-# wget could happen in the build-phase
-RUN apt-get update && apt-get install -y python3 python3-setuptools wget curl jq \
-    && rm -rf /var/lib/apt/lists/*
+# Install runtime dependencies
+RUN apk add --no-cache \
+    wget \
+    curl \
+    jq \
+    tzdata \
+    && rm -rf /var/cache/apk/*
 
 # Download the the latest grpc_health_probe binary build for the correct architecture
 RUN curl -s https://api.github.com/repos/grpc-ecosystem/grpc-health-probe/releases/latest \
@@ -57,8 +55,8 @@ RUN curl -s https://api.github.com/repos/grpc-ecosystem/grpc-health-probe/releas
 USER cassandra
 WORKDIR /home/cassandra
 
-ENV DEBUG_VERSION 1
-ENV DEBUG_SLEEP 0
+ENV DEBUG_VERSION=1
+ENV DEBUG_SLEEP=0
 ENV PATH=/home/cassandra/.local/bin:/home/cassandra/google-cloud-sdk/bin:/home/cassandra/bin:$PATH
 ENV PYTHONPATH=/home/cassandra
 
diff --git a/k8s/docker-entrypoint.sh b/k8s/docker-entrypoint.sh
index 7011c5f58..c242c700e 100755
--- a/k8s/docker-entrypoint.sh
+++ b/k8s/docker-entrypoint.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 #
 # While not limited to k8s environments, this script is designed for running
 # Medusa in two containers in a Cassandra pod. One container runs the backup
@@ -30,19 +30,19 @@ restore() {
         exit 0
     fi
 
-    if [ -a $last_restore_file ]; then
-      restore_key=`cat $last_restore_file`
+    if [ -f "$last_restore_file" ]; then
+      restore_key=$(cat "$last_restore_file")
       echo "Last restore is $restore_key"
     else
       restore_key=""
     fi
 
-    if [ "$restore_key" == "$RESTORE_KEY" ]; then
+    if [ "$restore_key" = "$RESTORE_KEY" ]; then
         echo "Skipping restore operation"
     else
         echo "Restoring backup $BACKUP_NAME"
-        poetry run python -m medusa.service.grpc.restore -- "/etc/medusa/medusa.ini" $RESTORE_KEY
-        echo $RESTORE_KEY > $last_restore_file
+        poetry run python -m medusa.service.grpc.restore -- "/etc/medusa/medusa.ini" "$RESTORE_KEY"
+        echo "$RESTORE_KEY" > "$last_restore_file"
     fi
 }
 
@@ -50,7 +50,7 @@ grpc() {
     ORIGINAL_MEDUSA_INI_DIGEST=$(md5sum /etc/medusa/medusa.ini | awk '{print $1}')
     echo "Starting Medusa gRPC service"
 
-    exec poetry run python -m medusa.service.grpc.server server.py &
+    poetry run python -m medusa.service.grpc.server server.py &
     MEDUSA_PID=$!
 
     # Loop while Medusa process is running
@@ -60,7 +60,7 @@ grpc() {
         echo "Detected change in medusa.ini, checking for running backups"
         if ! [ -f /tmp/medusa_backup_in_progress ]; then
           echo "No backups in progress, stopping Medusa"
-          kill $MEDUSA_PID
+          kill "$MEDUSA_PID"
           # Always exit with 0 on config change.
           exit 0
         else
@@ -75,11 +75,13 @@ grpc() {
 }
 
 echo "sleeping for $DEBUG_SLEEP sec"
-sleep $DEBUG_SLEEP
+sleep "$DEBUG_SLEEP"
 
-if [ "$MEDUSA_MODE" == "RESTORE" ]; then
+source .venv/bin/activate
+
+if [ "$MEDUSA_MODE" = "RESTORE" ]; then
     restore
-elif [ "$MEDUSA_MODE" == "GRPC" ]; then
+elif [ "$MEDUSA_MODE" = "GRPC" ]; then
     grpc
 else
     echo "MEDUSA_MODE env var must be set to either RESTORE or GRPC"