diff --git a/Dockerfile b/Dockerfile
index ba2dd1d..79bc56f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,7 +5,7 @@ RUN go build -o kforge .
 
 FROM alpine:3.19
 COPY --from=builder /app/kforge /usr/local/bin/kforge
-RUN apk add --no-cache curl bash docker-cli && \
+RUN apk add --no-cache curl sh docker-cli && \
     curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" && \
     install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
 COPY entrypoint.sh /entrypoint.sh
diff --git a/entrypoint.sh b/entrypoint.sh
index b9ee265..be89f94 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 set -e
 
 # INPUT_FILE="$1"
@@ -93,9 +93,11 @@ echo "Generating Kubernetes YAML from .kforge.yml"
 # ----------------------------------------------------------------
 # Build kubeconfig from token-based credentials
 echo "Configuring kubectl..."
+echo "$INPUT_KUBE_CERTIFICATE" | base64 -d > /tmp/kube-ca.crt
+
 kubectl config set-cluster default \
 --server="$INPUT_KUBE_HOST" \
---certificate-authority=<(echo "$INPUT_KUBE_CERTIFICATE" | base64 -d)
+--certificate-authority=/tmp/kube-ca.crt
 
 kubectl config set-credentials default \
 --token="$INPUT_KUBE_TOKEN"
@@ -106,6 +108,8 @@ kubectl config set-context default \
 
 kubectl config use-context default
 
+rm -f /tmp/kube-ca.crt
+
 # Create/update regcred secret idempotently
 echo "Creating regcred secret..."
 kubectl create secret docker-registry regcred \