diff --git a/README.md b/README.md
index d2622cf..6f230a5 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,8 @@ Gateway for the image builder community service.
 To run envoy:
 ```
-docker run --net=host -v $PWD/example:/app -it envoyproxy/envoy:distroless-v1.29-latest -c /app/config.yaml
+docker build -t envoy-gateway -f ./distribution/Dockerfile .
+docker run --net=host -v $PWD/example:/app -it envoy-gateway envoy -c /app/config.yaml
 ```
 To try it out:
diff --git a/distribution/Dockerfile b/distribution/Dockerfile
index 2d179ec..489cfd7 100644
--- a/distribution/Dockerfile
+++ b/distribution/Dockerfile
@@ -6,4 +6,9 @@ ENV GOFLAGS=-mod=vendor
 RUN go build -o oidc-authorizer /oidc-authorizer/cmd/oidc-authorizer
 FROM quay.io/fedora/fedora-minimal:latest
+RUN microdnf --nodocs upgrade -y
+RUN rpm --import 'https://rpm.dl.getenvoy.io/public/gpg.CF716AF503183491.key'
+RUN curl -sL 'https://rpm.dl.getenvoy.io/public/config.rpm.txt?distro=el&codename=9' > /etc/yum.repos.d/envoy.repo
+RUN microdnf install -y getenvoy-envoy
+RUN microdnf clean all
 COPY --from=builder /oidc-authorizer/oidc-authorizer /oidc-authorizer
diff --git a/templates/.kube-linter-config.yml b/templates/.kube-linter-config.yml
index a1d93a2..f3af77f 100644
--- a/templates/.kube-linter-config.yml
+++ b/templates/.kube-linter-config.yml
@@ -2,4 +2,3 @@ checks:
 exclude:
 - "no-read-only-root-fs"
 - "run-as-non-root"
- - "latest-tag"
diff --git a/templates/gateway.yml b/templates/gateway.yml
index ca5f29d..b72455c 100644
--- a/templates/gateway.yml
+++ b/templates/gateway.yml
@@ -197,7 +197,7 @@ objects:
 topologyKey: kubernetes.io/hostname
 containers:
 - name: community-gateway
- image: "${ENVOYPROXY_IMAGE_NAME}:${ENVOYPROXY_IMAGE_TAG}"
+ image: "${IMAGE_NAME}:${IMAGE_TAG}"
 command:
 - /usr/bin/envoy
 - --config-path
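Review bot: In distribution/Dockerfile the signing key is downloaded during the build from rpm.dl.getenvoy.io, the same host that then supplies the repo file and the package, so the `rpm --import` step adds no independent trust anchor: whoever controls that host controls the key as well. Committing the key to this repository and importing the local copy, or comparing the imported key's fingerprint with a value kept in the repo, would close that gap. The `curl -sL` line has no `-f`, so an HTTP error body would be written to /etc/yum.repos.d/envoy.repo without failing the build; `curl -fsSL` fails the layer instead. `microdnf install -y getenvoy-envoy` takes whatever version the repo serves on build day, so two builds of the same commit can ship different Envoy releases; a pinned `getenvoy-envoy-<VERSION>` would make the image reproducible. Whether package signatures are enforced at all depends on the gpgcheck settings inside the fetched repo file, which the diff does not show.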
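Review bot: The `community-gateway` container keeps `/usr/bin/envoy` as its command while its image changes to the Fedora-based one built in distribution/Dockerfile, and nothing in the diff shows where the `getenvoy-envoy` RPM installs the binary. If the path differs the pod fails only at start-up; a build-time check such as `RUN /usr/bin/envoy --version` in the Dockerfile would catch it earlier. The same image now backs the `oidc-authorizer` container in the @@ -240 hunk, so each container ships a binary it never runs; a comment in the template such as `# envoy and oidc-authorizer ship in one image, see distribution/Dockerfile` would make that deliberate. The container spec continues outside this hunk.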
@@ -240,7 +240,7 @@ objects:
 - name: sockets
 mountPath: /sockets
 - name: oidc-authorizer
- image: "${OIDC_AUTHORIZER_IMAGE_NAME}:${IMAGE_TAG}"
+ image: "${IMAGE_NAME}:${IMAGE_TAG}"
 command:
 - /oidc-authorizer
 ports:
@@ -324,20 +324,13 @@ objects:
 protocol: TCP
 parameters:
-- description: oidc authorizer image name
- name: OIDC_AUTHORIZER_IMAGE_NAME
- value: quay.io/cloudservices/oidc-authorizer
+- description: community-gateway image name
+ name: IMAGE_NAME
+ value: quay.io/cloudservices/community-gateway
 required: true
-- description: oidc authorizer tag, will be set by the deployment pipeline
+- description: community-gateway tag, will be set by the deployment pipeline
 name: IMAGE_TAG
 required: true
-- description: envoy proxy image name
- name: ENVOYPROXY_IMAGE_NAME
- value: quay.io/app-sre/envoyproxy
- required: true
-- description: envoy proxy tag
- name: ENVOYPROXY_IMAGE_TAG
- value: "latest"
 - description: number of pods to spin up, minimum 3
 name: REPLICAS
 value: "3"
diff --git a/tools/build.sh b/tools/build.sh
index 0cf320d..f743bd9 100755
--- a/tools/build.sh
+++ b/tools/build.sh
@@ -2,7 +2,7 @@ # AppSRE runs this script to build the container and push it to Quay.
 set -exv
-IMAGE_NAME="quay.io/cloudservices/oidc-authorizer"
+IMAGE_NAME="quay.io/cloudservices/community-gateway"
 IMAGE_TAG=$(git rev-parse --short=7 HEAD)
 if [[ -z "$QUAY_USER" || -z "$QUAY_TOKEN" ]]; then