diff --git a/.dockerignore b/.dockerignore
index 1ed984a..ddc414a 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -5,4 +5,7 @@ mutationDiff/
 source/
 target/
 xdcrDiffer
+go.mod
+go.sum
 xdcrDiffer.log
+
diff --git a/Dockerfile b/Dockerfile
index e3f241c..f301d9f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,11 +1,17 @@
+
 ARG BUILDER_IMAGE=docker.io/golang:1.23
 ARG FINAL_IMAGE=docker.io/redhat/ubi9:9.4
+
 ARG http_proxy
 ARG https_proxy
 ARG no_proxy
 
 FROM $BUILDER_IMAGE as builder
 
+ENV http_proxy=${http_proxy}
+ENV https_proxy=${https_proxy}
+ENV no_proxy=${no_proxy}
+
 ENV LANG=en_US.utf8
 ENV LC_ALL=en_US.utf8
 
@@ -20,6 +26,7 @@ COPY . .
 
 RUN echo "myuser:x:1001:1001::/:/xdcrDiffer" > /passwd
 
+
 RUN go build -ldflags='-s -w -extldflags "-static"' -v \
     -o xdcrDiffer main.go
 
@@ -33,3 +40,4 @@ COPY --from=builder /passwd /etc/passwd
 
 ENTRYPOINT ["/runDiffer.sh"]
 
+
diff --git a/runDiffer.sh b/runDiffer.sh
index ef9e9f2..0b7f3b2 100755
--- a/runDiffer.sh
+++ b/runDiffer.sh
@@ -24,7 +24,7 @@ function findExec() {
 function printHelp() {
 	findExec
 
-	cat <<EOF
+	cat <<GG
 This script will set up the necessary environment variable to allow the XDCR diff tool to connect to the metakv service in the
 specified source cluster (NOTE: over http://) and retrieve the specified replication spec and run the difftool on it.
 
@@ -57,7 +57,7 @@ Example usage:
 	${BASH_SOURCE[0]} -h 127.0.0.1:8091 -u admin -p password -s sourceBucket -t targetBucket -r remoteCluster -c
 	${BASH_SOURCE[0]} --hostname=127.0.0.1:8091 --username=admin --password=password --sourceBucket=sourceBucketName --targetBucket=targetBucketName --remoteClusterName=RemoteRefName --clear
 	${BASH_SOURCE[0]} -y ./sampleConfig.yaml
-EOF
+GG
 }
 
 function waitForBgJobs {
@@ -67,7 +67,6 @@ function waitForBgJobs {
 		echo "Usage: wait_for_pid <pid>"
 		return 1
 	fi
-
 	# Loop until the process no longer exists
 	while kill -0 "$pid" 2>/dev/null; do
 		echo "Waiting for PID $pid to terminate..."
@@ -135,6 +134,9 @@ while getopts ":h:p:u:r:s:t:cm:e:w:d:o:y:-:" opt; do
 		debugMode)
 			debugMode=1
 			;;
+		enforceTLS)
+			enforceTLS=1
+			;;
 		username=*)
 			username=${OPTARG#*=}
 			;;
@@ -296,6 +298,10 @@ function setupFromCmdLine {
 		execString="${execString} -targetUrl"
 		execString="${execString} $targetUrl"
 	fi
+	if [[ ! -z "$enforceTLS" ]]; then
+		execString="${execString} -enforceTLS"
+		execString="${execString} $enforceTLS"
+	fi
 	if [[ ! -z "$maxFileDescs" ]]; then
 		execString="${execString} -numberOfFileDesc"
 		execString="${execString} $maxFileDescs"
diff --git a/xdcr-differ-pod.yaml b/xdcr-differ-pod.yaml
new file mode 100644
index 0000000..4af46c7
--- /dev/null
+++ b/xdcr-differ-pod.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: xdcr-differ-pod
+  labels:
+    app: xdcr-differ
+spec:
+  containers:
+  - name: xdcr-differ
+    imagePullPolicy: IfNotPresent
+    image: my-repo/xdcr-differ:1.0.3
+    command: ["/bin/sleep", "infinity"]
+    volumeMounts:
+    - name: xdcr-differ-secret
+      #mountPath: /etc/ssl/certs/ca.crt # for ubuntu
+      mountPath: /etc/pki/ca-trust/source/anchors/ca.crt # for redhat
+      subPath: ca.crt
+  volumes:
+  - name: xdcr-differ-secret
+    secret:
+      secretName: platform-couchbase-cluster-plt-cbc-cluster-tls