diff --git a/dockerfiles/kubernetes-apiserver/Dockerfile b/dockerfiles/kubernetes-apiserver/Dockerfile
index 7e5498ed02..6acdaff6cd 100644
--- a/dockerfiles/kubernetes-apiserver/Dockerfile
+++ b/dockerfiles/kubernetes-apiserver/Dockerfile
@@ -1,8 +1,8 @@
 ARG KUBE_VERSION=v1.13.0
-ARG ADD_KUBE_ALLOW_PRIV=false
 
 FROM fedora:rawhide
 ARG KUBE_VERSION
+ARG ADD_KUBE_ALLOW_PRIV=false
 RUN curl -o /root/kubectl -O https://storage.googleapis.com/kubernetes-release/release/${KUBE_VERSION}/bin/linux/amd64/kubectl
 
 FROM gcr.io/google-containers/kube-apiserver-amd64:${KUBE_VERSION}
@@ -31,7 +31,7 @@ COPY service.template config.json.template /exports/
 # however, this would require hard-coding the container name
 
 COPY apiserver config /etc/kubernetes/
-RUN [ $ADD_KUBE_ALLOW_PRIV = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true
+RUN [ "$ADD_KUBE_ALLOW_PRIV" = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true
 RUN mkdir -p /exports/hostfs/usr/local/bin/
 COPY --from=0 /root/kubectl /exports/hostfs/usr/local/bin/
 RUN chmod +x /exports/hostfs/usr/local/bin/kubectl && \
diff --git a/dockerfiles/kubernetes-controller-manager/Dockerfile b/dockerfiles/kubernetes-controller-manager/Dockerfile
index ecb3608ef6..bc48e1e42b 100644
--- a/dockerfiles/kubernetes-controller-manager/Dockerfile
+++ b/dockerfiles/kubernetes-controller-manager/Dockerfile
@@ -1,6 +1,6 @@
 ARG KUBE_VERSION=v1.13.0
-ARG ADD_KUBE_ALLOW_PRIV=false
 FROM gcr.io/google-containers/kube-controller-manager-amd64:${KUBE_VERSION}
+ARG ADD_KUBE_ALLOW_PRIV=false
 
 ENV container=docker
 
@@ -18,7 +18,7 @@ COPY launch.sh /usr/bin/kube-controller-manager-docker.sh
 COPY service.template config.json.template /exports/
 
 COPY controller-manager config /etc/kubernetes/
-RUN [ $ADD_KUBE_ALLOW_PRIV = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true
+RUN [ "$ADD_KUBE_ALLOW_PRIV" = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true
 RUN mkdir -p /exports/hostfs/etc/kubernetes && \
     cp /etc/kubernetes/config /exports/hostfs/etc/kubernetes/ && \
     cp /etc/kubernetes/controller-manager /exports/hostfs/etc/kubernetes/
diff --git a/dockerfiles/kubernetes-kubelet/Dockerfile b/dockerfiles/kubernetes-kubelet/Dockerfile
index 39d3173c8c..08770d76f9 100644
--- a/dockerfiles/kubernetes-kubelet/Dockerfile
+++ b/dockerfiles/kubernetes-kubelet/Dockerfile
@@ -1,6 +1,6 @@
 ARG KUBE_VERSION=v1.13.0
-ARG ADD_KUBE_ALLOW_PRIV=false
 FROM gcr.io/google-containers/hyperkube-amd64:${KUBE_VERSION}
+ARG ADD_KUBE_ALLOW_PRIV=false
 
 ENV container=docker
 
@@ -15,7 +15,7 @@ LABEL bzcomponent="$NAME" \
 
 COPY launch.sh /usr/bin/kubelet-docker.sh
 COPY kubelet config /etc/kubernetes/
-RUN [ $ADD_KUBE_ALLOW_PRIV = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true
+RUN [ "$ADD_KUBE_ALLOW_PRIV" = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true
 
 COPY manifest.json tmpfiles.template service.template config.json.template /exports/
 
diff --git a/dockerfiles/kubernetes-proxy/Dockerfile b/dockerfiles/kubernetes-proxy/Dockerfile
index 6c376bb301..8c5f17a01e 100644
--- a/dockerfiles/kubernetes-proxy/Dockerfile
+++ b/dockerfiles/kubernetes-proxy/Dockerfile
@@ -1,6 +1,6 @@
 ARG KUBE_VERSION=v1.13.0
-ARG ADD_KUBE_ALLOW_PRIV=false
 FROM gcr.io/google-containers/kube-proxy-amd64:${KUBE_VERSION}
+ARG ADD_KUBE_ALLOW_PRIV=false
 ENV container=docker
 
 ENV NAME=kubernetes-proxy VERSION=0 RELEASE=8 ARCH=x86_64
@@ -17,7 +17,7 @@ COPY launch.sh /usr/bin/kube-proxy-docker.sh
 COPY service.template config.json.template /exports/
 
 COPY proxy config /etc/kubernetes/
-RUN [ $ADD_KUBE_ALLOW_PRIV = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true
+RUN [ "$ADD_KUBE_ALLOW_PRIV" = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true
 
 RUN mkdir -p /exports/hostfs/etc/kubernetes && \
     cp /etc/kubernetes/config /exports/hostfs/etc/kubernetes/ && \
diff --git a/dockerfiles/kubernetes-scheduler/Dockerfile b/dockerfiles/kubernetes-scheduler/Dockerfile
index c223b866ca..ce2cbdb165 100644
--- a/dockerfiles/kubernetes-scheduler/Dockerfile
+++ b/dockerfiles/kubernetes-scheduler/Dockerfile
@@ -1,6 +1,6 @@
 ARG KUBE_VERSION=v1.13.0
-ARG ADD_KUBE_ALLOW_PRIV=false
 FROM gcr.io/google-containers/kube-scheduler-amd64:${KUBE_VERSION}
+ARG ADD_KUBE_ALLOW_PRIV=false
 ENV container=docker
 
 ENV NAME=kubernetes-scheduler VERSION=0.1 RELEASE=8 ARCH=x86_64
@@ -17,7 +17,7 @@ COPY launch.sh /usr/bin/kube-scheduler-docker.sh
 COPY service.template config.json.template /exports/
 
 COPY scheduler config /etc/kubernetes/
-RUN [ $ADD_KUBE_ALLOW_PRIV = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true
+RUN [ "$ADD_KUBE_ALLOW_PRIV" = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true
 RUN mkdir -p /exports/hostfs/etc/kubernetes && \
     cp /etc/kubernetes/config /exports/hostfs/etc/kubernetes/ && \
     cp /etc/kubernetes/scheduler /exports/hostfs/etc/kubernetes/