diff --git a/backend/Dockerfile b/backend/Dockerfile
index 8ecc57c12..3471d7428 100644
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -1,8 +1,15 @@
+# GSSAPI = true to enable Kerberos auth for Kafka and manually build librdkafka with GSSAPI support
+ARG GSSAPI=false
+
 #ARCH can be amd64 or arm64
 ARG ARCH=amd64
 
 FROM --platform=linux/$ARCH golang:1.21-alpine3.18 AS build
-RUN apk add --no-cache gcc g++ make libc-dev
+RUN if [ "$GSSAPI" = "true" ]; then \
+      apk add --no-cache git openssh openssl-dev pkgconf gcc g++ make libc-dev bash librdkafka-dev cyrus-sasl cyrus-sasl-gssapiv2 krb5; \
+    else \
+      apk add --no-cache gcc g++ make libc-dev; \
+    fi
 WORKDIR /root
 
 # Load code dependencies
@@ -17,13 +24,21 @@ COPY internal internal
 
 # Build service
 ARG SERVICE_NAME
-RUN CGO_ENABLED=1 GOOS=linux GOARCH=$ARCH go build -o service -tags musl openreplay/backend/cmd/$SERVICE_NAME
+RUN if [ "$GSSAPI" = "true" ]; then \
+      CGO_ENABLED=1 GOOS=linux GOARCH=$ARCH go build -o service -tags dynamic openreplay/backend/cmd/$SERVICE_NAME; \
+    else \
+      CGO_ENABLED=1 GOOS=linux GOARCH=$ARCH go build -o service -tags musl openreplay/backend/cmd/$SERVICE_NAME; \
+    fi
 
 FROM --platform=linux/$ARCH alpine AS entrypoint
 ARG GIT_SHA
 LABEL GIT_SHA=$GIT_SHA
 
-RUN apk add --no-cache ca-certificates cyrus-sasl cyrus-sasl-gssapiv2 krb5
+RUN if [ "$GSSAPI" = "true" ]; then \
+      apk add --no-cache ca-certificates librdkafka-dev cyrus-sasl cyrus-sasl-gssapiv2 krb5; \
+    else \
+      apk add --no-cache ca-certificates cyrus-sasl cyrus-sasl-gssapiv2 krb5; \
+    fi
 RUN adduser -u 1001 openreplay -D
 
 ARG SERVICE_NAME