diff --git a/.circleci/config.yml b/.circleci/config.yml
deleted file mode 100644
index df279cc..0000000
--- a/.circleci/config.yml
+++ /dev/null
@@ -1,59 +0,0 @@
-# The following environment variables are required.
-# They should be set in a CircleCI context called "docker".
-#
-# DOCKER_USER
-# DOCKER_PASS
-# DOCKER_REPO   eg. orgname/imagetag
-
-version: 2
-
-jobs:
-  # test:
-  #   docker:
-  #     - image: alpine:latest
-
-  #   working_directory: ~/project
-
-  #   steps:
-  #   - checkout
-  #   - run: echo "Tests!"
-
-
-  build_and_push:
-    docker:
-      - image: docker:latest
-
-    working_directory: ~/project
-
-    steps:
-    - setup_remote_docker
-    - checkout
-    - run: echo "$DOCKER_PASS" | docker login -u $DOCKER_USER --password-stdin
-    - run: |
-        docker build -t ${DOCKER_REPO}:latest .
-
-        if [[ "$CIRCLE_TAG" ]]; then
-          docker tag ${DOCKER_REPO}:latest ${DOCKER_REPO}:${CIRCLE_TAG}
-          docker push ${DOCKER_REPO}:${CIRCLE_TAG}
-          docker push ${DOCKER_REPO}:latest
-        else
-          docker tag ${DOCKER_REPO}:latest ${DOCKER_REPO}:${CIRCLE_BRANCH}
-          docker push ${DOCKER_REPO}:${CIRCLE_BRANCH}
-        fi        
-
-workflows:
-  version: 2
-  build_push:
-    jobs:
-      # - test:
-      #     filters:
-      #       tags:
-      #         only: /.*/
-
-      - build_and_push:
-          context: docker
-          # requires:
-          #   - test          
-          filters:
-            tags:
-              only: /^([0-9]+)\.([0-9]+)\.([0-9]+)/
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..f639007
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,9 @@
+# https://EditorConfig.org
+
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+indent_style = space
+indent_size = 2
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..ec40f88
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,39 @@
+name: Build and Push to Docker Hub
+
+on: [push]
+
+jobs:
+  docker-build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@4
+        with:
+          images: jshimko/kube-tools
+          tags: |
+            type=ref,event=branch
+            type=match,pattern=\d+.\d+.\d+
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to DockerHub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..9c595a6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+temp
diff --git a/Dockerfile b/Dockerfile
index 72fc0d3..60d3184 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,45 +1,42 @@
-FROM alpine:3.14
-
-# https://github.com/hypnoglow/helm-s3
-ENV HELM_S3_PLUGIN_VERSION "0.10.0"
-
-# set some defaults
-ENV AWS_DEFAULT_REGION "us-east-1"
-
-RUN apk --no-cache upgrade
-RUN apk add --update bash ca-certificates git python3 jq
-
-# https://github.com/sgerrand/alpine-pkg-glibc/releases
-ENV GLIBC_VER=2.33-r0
-
-# install glibc compatibility for alpine and aws-cli v2
-# https://github.com/aws/aws-cli/issues/4685#issuecomment-615872019
-RUN apk --no-cache add \
-        binutils \
-        curl \
-    && curl -sL https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub -o /etc/apk/keys/sgerrand.rsa.pub \
-    && curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VER}/glibc-${GLIBC_VER}.apk \
-    && curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VER}/glibc-bin-${GLIBC_VER}.apk \
-    && apk add --no-cache \
-        glibc-${GLIBC_VER}.apk \
-        glibc-bin-${GLIBC_VER}.apk \
-    && curl -sL https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip \
-    && unzip awscliv2.zip \
-    && aws/install \
-    && rm -rf \
-        awscliv2.zip \
-        aws \
-        /usr/local/aws-cli/v2/*/dist/aws_completer \
-        /usr/local/aws-cli/v2/*/dist/awscli/data/ac.index \
-        /usr/local/aws-cli/v2/*/dist/awscli/examples \
-    && apk --no-cache del \
-        binutils \
-        curl \
-    && rm glibc-${GLIBC_VER}.apk \
-    && rm glibc-bin-${GLIBC_VER}.apk \
-    && rm -rf /var/cache/apk/*
-
-COPY install.sh /opt/install.sh
-RUN /opt/install.sh
+FROM debian:11-slim
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt update && \
+  apt upgrade -y && \
+  apt install -y --no-install-recommends curl git gnupg2 python python3-pip vim wget && \
+  echo "deb http://apt.postgresql.org/pub/repos/apt bullseye-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \
+  wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - && \
+  apt -y update && apt install -y --no-install-recommends postgresql-client-14 && \
+  rm -rf /var/lib/apt/lists/* && \
+  pip3 install --upgrade pip && \
+  pip3 install awscli yamllint yq
+
+# kubectl
+RUN curl -LO "https://dl.k8s.io/release/$(curl -Ls https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" && \
+  mv kubectl /usr/local/bin/kubectl && \
+  chmod +x /usr/local/bin/kubectl && \
+  kubectl version --client
+
+# helm
+RUN curl -fsSL https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
+
+# helm S3 plugin
+RUN helm plugin install https://github.com/hypnoglow/helm-s3.git
+
+# aws-iam-authenticator
+# https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html
+RUN curl https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v0.5.9/aws-iam-authenticator_0.5.9_linux_amd64 -Lo aws-iam-authenticator && \
+  chmod +x ./aws-iam-authenticator && \
+  mv aws-iam-authenticator /usr/local/bin/aws-iam-authenticator && \
+  aws-iam-authenticator help
+
+# Digital Ocean CLI (doctl)
+RUN DOCTL_VERSION=1.92.0 && \
+  wget https://github.com/digitalocean/doctl/releases/download/v${DOCTL_VERSION}/doctl-${DOCTL_VERSION}-linux-amd64.tar.gz && \
+  tar xf ./doctl-${DOCTL_VERSION}-linux-amd64.tar.gz && \
+  mv ./doctl /usr/local/bin && \
+  rm ./doctl-${DOCTL_VERSION}-linux-amd64.tar.gz && \
+  doctl help
 
 CMD bash
diff --git a/README.md b/README.md
index 36c025a..8e6835e 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # kube-tools
 
-A lightweight Docker image (based on Alpine) that comes with all the tools you need to work with Kubernetes, Helm charts, AWS (awscli), AWS EKS, and Digital Ocean Kubernetes. Intended to be a flexible foundation of tools for CI/CD workflows.
+A Docker image based on Debian 11 that comes with all the tools you need to work with Kubernetes, Helm charts, AWS (awscli), AWS EKS, and Digital Ocean Kubernetes. Intended to be a flexible foundation of tools for CI/CD workflows.
 
 ## Included Tools
 
@@ -10,31 +10,6 @@ A lightweight Docker image (based on Alpine) that comes with all the tools you n
  - awscli https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html
  - aws-iam-authenticator https://github.com/kubernetes-sigs/aws-iam-authenticator
  - doctl https://docs.digitalocean.com/reference/doctl/
+ - psql https://www.postgresql.org/docs/14/app-psql.html
  - yamllint - https://github.com/adrienverge/yamllint
  - yq (YAML parser based on `jq`) - https://github.com/kislyuk/yq
-
-
-## Example Usage
-
-```sh
-# start up an image
-docker run -it \
-  -e AWS_ACCESS_KEY_ID="<AWS key>" \
-  -e AWS_SECRET_ACCESS_KEY="<AWS secret>" \
-  -e AWS_DEFAULT_REGION="us-east-1" \
-  jshimko/kube-tools-aws:latest
-
-# the above command drops into a bash shell with
-# all of the tooling for the following commands...
-
-# configure kubectl auth for an existing EKS cluster named "my-cluster"
-aws eks update-kubeconfig --name my-cluster
-
-# confirm it worked by listing your pods
-kubectl get pods --all-namespaces
-
-# or list your helm deployments
-helm ls --all-namespaces
-
-# now do stuff for your CI/CD process...
-```
diff --git a/install.sh b/install.sh
deleted file mode 100755
index bed0967..0000000
--- a/install.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/sh
-
-set -e
-
-apk add --update py3-pip curl make openssl groff wget
-
-# install kubectl
-curl -L "https://dl.k8s.io/release/$(curl -Ls https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" -o /usr/local/bin/kubectl
-chmod +x /usr/local/bin/kubectl
-kubectl version --client
-
-# install Helm
-# https://helm.sh/docs/intro/install/#from-script
-curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | sh
-
-# install S3 plugin for Helm
-helm plugin install https://github.com/hypnoglow/helm-s3.git --version $HELM_S3_PLUGIN_VERSION
-
-# aws-iam-authenticator
-# https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html
-curl -o aws-iam-authenticator https://amazon-eks.s3.us-west-2.amazonaws.com/1.21.2/2021-07-05/bin/linux/amd64/aws-iam-authenticator
-curl -o aws-iam-authenticator.sha256 https://amazon-eks.s3.us-west-2.amazonaws.com/1.21.2/2021-07-05/bin/linux/amd64/aws-iam-authenticator.sha256
-openssl sha1 -sha256 aws-iam-authenticator
-chmod +x ./aws-iam-authenticator
-mv aws-iam-authenticator /usr/local/bin/aws-iam-authenticator
-aws-iam-authenticator help
-
-# Digital Ocean CLI (doctl)
-wget https://github.com/digitalocean/doctl/releases/download/v1.64.0/doctl-1.64.0-linux-amd64.tar.gz
-tar xf ./doctl-1.64.0-linux-amd64.tar.gz
-mv ./doctl /usr/local/bin
-rm ./doctl-1.64.0-linux-amd64.tar.gz
-doctl help
-
-# install YAML tools
-pip install yamllint yq
-
-# cleanup
-rm /var/cache/apk/*
-rm -rf /tmp/*