diff --git a/jhipster-k8s/blog/Dockerfile b/jhipster-k8s/blog/Dockerfile
new file mode 100644
index 0000000..9819fa1
--- /dev/null
+++ b/jhipster-k8s/blog/Dockerfile
@@ -0,0 +1,31 @@
+# Stage 1: Build
+FROM eclipse-temurin:11-jdk-focal as build
+WORKDIR /app
+COPY gradlew .
+COPY gradle ./gradle
+COPY build.gradle .
+COPY settings.gradle .
+RUN chmod +x ./gradlew
+RUN ./gradlew dependencies --no-daemon
+COPY src ./src
+RUN ./gradlew -Pprod clean bootJar --no-daemon
+
+# Stage 2: Runtime
+FROM eclipse-temurin:11-jre-focal as runtime
+WORKDIR /app
+RUN addgroup --system appuser && \
+    adduser --system --ingroup appuser appuser
+COPY --from=build /app/build/libs/*.jar app.jar
+
+ENV SPRING_PROFILES_ACTIVE="prod"
+ENV JAVA_OPTS="-Xms256m -Xmx512m -Djava.security.egd=file:/dev/./urandom"
+ENV EUREKA_CLIENT_SERVICEURL_DEFAULTZONE="http://localhost:8761/eureka/"
+ENV SPRING_CLOUD_CONFIG_URI="http://localhost:8761"
+ENV SPRING_DATASOURCE_URL="jdbc:postgresql://localhost:5432/blog"
+ENV SPRING_DATASOURCE_USERNAME="<override-me-in-k8s-secret>"
+ENV SPRING_DATASOURCE_PASSWORD="<override-me-in-k8s-secret>"
+
+RUN chown appuser:appuser /app/app.jar
+USER appuser
+EXPOSE 8080
+ENTRYPOINT ["java", ${JAVA_OPTS}, "-jar", "app.jar"]
diff --git a/jhipster-k8s/gateway/Dockerfile b/jhipster-k8s/gateway/Dockerfile
new file mode 100644
index 0000000..670f4b6
--- /dev/null
+++ b/jhipster-k8s/gateway/Dockerfile
@@ -0,0 +1,55 @@
+# Stage 1: Build Backend (Java) & Frontend (Node)
+# Use a base image with both Node.js and JDK
+FROM node:16-jdk11 as build
+WORKDIR /app
+
+# 1. Cache Node.js dependencies
+COPY package.json package-lock.json ./
+RUN npm install --legacy-peer-deps
+
+# 2. Cache Gradle dependencies
+COPY gradlew .
+COPY gradle ./gradle
+COPY build.gradle .
+COPY settings.gradle .
+RUN chmod +x ./gradlew
+# './gradlew dependencies' might fail if frontend build is tied too early; skip if problematic
+# RUN ./gradlew dependencies --no-daemon
+
+# 3. Copy source code
+COPY . .
+
+# 4. Build the application (includes frontend build via npm task triggered by gradle)
+RUN ./gradlew -Pprod clean bootJar --no-daemon -x test
+
+# Stage 2: Runtime Environment
+FROM eclipse-temurin:11-jre-focal as runtime
+WORKDIR /app
+
+# Create a non-root user
+RUN addgroup --system appuser && \
+    adduser --system --ingroup appuser appuser
+
+# Copy the executable JAR from the build stage
+COPY --from=build /app/build/libs/*.jar app.jar
+
+# Define Environment Variables (defaults/placeholders, override in K8s)
+ENV SPRING_PROFILES_ACTIVE="prod"
+ENV JAVA_OPTS="-Xms256m -Xmx512m -Djava.security.egd=file:/dev/./urandom"
+ENV EUREKA_CLIENT_SERVICEURL_DEFAULTZONE="http://localhost:8761/eureka/"
+ENV SPRING_CLOUD_CONFIG_URI="http://localhost:8761"
+# --- OAuth2/OIDC ---
+ENV SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI="http://localhost:9080/auth/realms/jhipster"
+ENV SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_ID="web_app"
+ENV SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_SECRET="<override-me-in-k8s-secret>"
+# Add other necessary ENV vars (e.g., database if gateway uses one)
+
+# Set ownership and switch user
+RUN chown appuser:appuser /app/app.jar
+USER appuser
+
+# Expose port (default JHipster gateway port)
+EXPOSE 8080
+
+# Run the application
+ENTRYPOINT ["java", ${JAVA_OPTS}, "-jar", "app.jar"]
diff --git a/jhipster-k8s/store/Dockerfile b/jhipster-k8s/store/Dockerfile
new file mode 100644
index 0000000..273ebcf
--- /dev/null
+++ b/jhipster-k8s/store/Dockerfile
@@ -0,0 +1,33 @@
+# Stage 1: Build
+FROM eclipse-temurin:11-jdk-focal as build
+WORKDIR /app
+COPY gradlew .
+COPY gradle ./gradle
+COPY build.gradle .
+COPY settings.gradle .
+RUN chmod +x ./gradlew
+RUN ./gradlew dependencies --no-daemon
+COPY src ./src
+RUN ./gradlew -Pprod clean bootJar --no-daemon -x test
+
+# Stage 2: Runtime
+FROM eclipse-temurin:11-jre-focal as runtime
+WORKDIR /app
+RUN addgroup --system appuser && \
+    adduser --system --ingroup appuser appuser
+COPY --from=build /app/build/libs/*.jar app.jar
+
+ENV SPRING_PROFILES_ACTIVE="prod"
+ENV JAVA_OPTS="-Xms256m -Xmx512m -Djava.security.egd=file:/dev/./urandom"
+ENV EUREKA_CLIENT_SERVICEURL_DEFAULTZONE="http://localhost:8761/eureka/"
+ENV SPRING_CLOUD_CONFIG_URI="http://localhost:8761"
+# --- MongoDB Configuration ---
+# Use K8s ConfigMap/Secret to provide the correct URI, potentially including credentials
+# Example K8s value: mongodb://<user>:<password>@<mongodb-service>.<namespace>.svc.cluster.local:27017/store
+ENV SPRING_DATA_MONGODB_URI="mongodb://localhost:27017/store"
+
+RUN chown appuser:appuser /app/app.jar
+USER appuser
+# Expose default Spring Boot port; adjust if application-prod.yml sets server.port differently
+EXPOSE 8080
+ENTRYPOINT ["java", ${JAVA_OPTS}, "-jar", "app.jar"]