diff --git a/.circleci/config.yml b/.circleci/config.yml
index 2935d9e0..bd387bf6 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -122,7 +122,7 @@ jobs:
 base64 -d >~/.docker/config.json <<<"$OAO_DOCKER_AUTH_RHCC"
 - attach_workspace:
 at: .
- - run: docker build . -f ./build/Dockerfile-rhel -t $OAO_IMAGE_RHCC:$CIRCLE_TAG
+ - run: docker build . -f ./build/Dockerfile -t $OAO_IMAGE_RHCC:$CIRCLE_TAG
 - run: docker push $OAO_IMAGE_RHCC:$CIRCLE_TAG
 verify-olm:
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 80d52b4d..fb568b07 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,7 +13,7 @@
 ### Other changes
 * Most operations now use HTTP Header for authentication with Dynatrace API ([#167](https://github.com/Dynatrace/dynatrace-oneagent-operator/pull/167))
-* Alpine version for Operator image bumped to 3.10, simplified Dockerfile ([#166](https://github.com/Dynatrace/dynatrace-oneagent-operator/pull/166), [#164](https://github.com/Dynatrace/dynatrace-oneagent-operator/pull/164))
+* Operator Docker images have been merged, and are now based on [UBI](https://www.redhat.com/en/blog/introducing-red-hat-universal-base-image) ([#179](https://github.com/Dynatrace/dynatrace-oneagent-operator/pull/179))
 * Update to nested OLM bundle structure ([#163](https://github.com/Dynatrace/dynatrace-oneagent-operator/pull/163))
 * Code style improvements ([#158](https://github.com/Dynatrace/dynatrace-oneagent-operator/pull/158), [#175](https://github.com/Dynatrace/dynatrace-oneagent-operator/pull/175))
 * Update to Operator SDK 0.12.0 and Go modules ([#157](https://github.com/Dynatrace/dynatrace-oneagent-operator/pull/157), [#172](https://github.com/Dynatrace/dynatrace-oneagent-operator/pull/172))
diff --git a/build/Dockerfile b/build/Dockerfile
index 38e0a85e..82164a69 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -1,7 +1,23 @@
-FROM alpine:3.10
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.1
 
-RUN apk --no-cache add ca-certificates
+LABEL name="Dynatrace OneAgent Operator" \
+ vendor="Dynatrace LLC" \
+ maintainer="Dynatrace LLC" \
+ version="1.x" \
+ release="1" \
+ url="https://www.dynatrace.com" \
+ summary="Dynatrace is an all-in-one, zero-config monitoring platform designed by and for cloud natives. It is powered by artificial intelligence that identifies performance problems and pinpoints their root causes in seconds." \
+ description="Dynatrace OneAgent automatically discovers all technologies, services and applications that run on your host."
 
-USER 65534:65534
+ENV OPERATOR=/usr/local/bin/dynatrace-oneagent-operator \
+ USER_UID=1001 \
+ USER_NAME=dynatrace-oneagent-operator
 
-ADD build/_output/bin/dynatrace-oneagent-operator /usr/local/bin/dynatrace-oneagent-operator
+COPY LICENSE /licenses/
+COPY build/_output/bin/dynatrace-oneagent-operator ${OPERATOR}
+COPY build/bin /usr/local/bin
+RUN /usr/local/bin/user_setup
+
+ENTRYPOINT ["/usr/local/bin/entrypoint"]
+
+USER ${USER_UID}
diff --git a/build/Dockerfile-rhel b/build/Dockerfile-rhel
deleted file mode 100644
index e1b0e71d..00000000
--- a/build/Dockerfile-rhel
+++ /dev/null
@@ -1,17 +0,0 @@
-FROM registry.access.redhat.com/rhel-atomic
-
-MAINTAINER Dynatrace
-
-LABEL name="Dynatrace OneAgent Operator" \
- vendor="Dynatrace" \
- version="1.x" \
- release="1" \
- url="https://www.dynatrace.com" \
- summary="Dynatrace is an all-in-one, zero-config monitoring platform designed by and for cloud natives. It is powered by artificial intelligence that identifies performance problems and pinpoints their root causes in seconds." \
- description="Dynatrace OneAgent automatically discovers all technologies, services and applications that run on your host."
-
-COPY LICENSE /licenses/
-
-ADD build/_output/bin/dynatrace-oneagent-operator /usr/local/bin/dynatrace-oneagent-operator
-
-USER 1001:1001
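Review bot: In build/Dockerfile, `USER ${USER_UID}` names no group, so a numeric UID without a passwd entry runs with GID 0, whereas both replaced Dockerfiles pinned the group (`65534:65534` and `1001:1001`). Because `user_setup` also makes `/etc/passwd` group-writable, the operator process can modify the account file on plain Kubernetes as well as on OpenShift, which is the platform the arbitrary-UID workaround targets. If root-group membership is intended, state it in a comment above the line, e.g. `# GID 0 is deliberate: OpenShift assigns an arbitrary UID in the root group`. Separately, the `ENV` block does not define `HOME`, which both helper scripts read.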
diff --git a/build/bin/entrypoint b/build/bin/entrypoint
new file mode 100755
index 00000000..ef11f7d0
--- /dev/null
+++ b/build/bin/entrypoint
@@ -0,0 +1,12 @@
+#!/bin/sh -e
+
+# This is documented here:
+# https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#openshift-specific-guidelines
+
+if ! whoami &>/dev/null; then
+ if [ -w /etc/passwd ]; then
+ echo "${USER_NAME:-dynatrace-oneagent-operator}:x:$(id -u):$(id -g):${USER_NAME:-dynatrace-oneagent-operator} user:${HOME}:/sbin/nologin" >> /etc/passwd
+ fi
+fi
+
+exec ${OPERATOR} $@
diff --git a/build/bin/user_setup b/build/bin/user_setup
new file mode 100755
index 00000000..1e36064c
--- /dev/null
+++ b/build/bin/user_setup
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -x
+
+# ensure $HOME exists and is accessible by group 0 (we don't know what the runtime UID will be)
+mkdir -p ${HOME}
+chown ${USER_UID}:0 ${HOME}
+chmod ug+rwx ${HOME}
+
+# runtime user will need to be able to self-insert in /etc/passwd
+chmod g+rw /etc/passwd
+
+# no need for this script to remain in the image after running
+rm $0
diff --git a/deploy/kubernetes.yaml b/deploy/kubernetes.yaml
index 118dc520..a351050e 100644
--- a/deploy/kubernetes.yaml
+++ b/deploy/kubernetes.yaml
@@ -580,8 +580,6 @@ spec:
 containers:
 - name: dynatrace-oneagent-operator
 image: quay.io/dynatrace/dynatrace-oneagent-operator:snapshot
- command:
- - dynatrace-oneagent-operator
 imagePullPolicy: Always
 env:
 - name: WATCH_NAMESPACE
diff --git a/deploy/openshift.yaml b/deploy/openshift.yaml
index 47da552a..8e30db7f 100644
--- a/deploy/openshift.yaml
+++ b/deploy/openshift.yaml
@@ -520,8 +520,6 @@ spec:
 containers:
 - name: dynatrace-oneagent-operator
 image: quay.io/dynatrace/dynatrace-oneagent-operator:snapshot
- command:
- - dynatrace-oneagent-operator
 imagePullPolicy: Always
 env:
 - name: WATCH_NAMESPACE
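Review bot: In build/bin/entrypoint, the last line `exec ${OPERATOR} $@` is unquoted, so any argument containing whitespace or glob characters is re-split before it reaches the operator; it should be `exec "${OPERATOR}" "$@"`. `whoami &>/dev/null` is a bash redirection used under `#!/bin/sh`; a POSIX shell parses it as a background job followed by a redirection, so the test only behaves as intended where /bin/sh is bash, and `>/dev/null 2>&1` is the portable form. The appended passwd record interpolates `USER_NAME` and `HOME` as they are, so a short comment stating that both are expected to be free of `:` and newlines would help the next maintainer.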
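Review bot: build/bin/user_setup enables tracing with `set -x` but not `set -e`, so a failing `mkdir`, `chown` or `chmod` is ignored and the `RUN` step reports only the status of the final `rm $0`; `set -eux` would fail the build instead. `${HOME}` and `$0` are unquoted, and `HOME` is not set by the Dockerfile's `ENV` block, so the directory that ends up owned by `${USER_UID}:0` is whatever the build shell inherits (presumably root's home, worth confirming). Quoting both, as in `mkdir -p "${HOME}"` and `rm "$0"`, and setting `HOME` in the image would make the target explicit.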