diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml
new file mode 100644
index 000000000..3ded130a7
--- /dev/null
+++ b/.github/workflows/image.yaml
@@ -0,0 +1,82 @@
+name: release
+
+on: 
+  create:
+  push:
+    branches:
+      - master
+      - 'v*'
+    tags:
+      - 'v*'
+
+# TODO: Migrate building manifests and kubectl plugins from Cloud Build
+jobs:
+  hnc-manager:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+
+      - name: Set Release Tag
+        run: |
+          TAG="${GITHUB_REF#refs/*/v}"
+          echo "RELEASE_TAG=${TAG}" >> $GITHUB_ENV
+
+      - name: Set Build Date
+        id: date
+        run: |
+          echo "::set-output name=HNC_BUILD_TIMESTAMP::$(date -u +'%Y-%m-%dT%H-%M-%S')"
+
+      - name: Set up Cloud SDK
+        uses: google-github-actions/setup-gcloud@master
+        with:
+        # GCR_KEY is the service account key in json which is base64 encoded and stored in the secrets section of the repo.
+        # We think that the Service account only requires the permission to push to the required registry but we're not certain
+          service_account_key: ${{ secrets.GCR_KEY }}
+          export_default_credentials: true
+        
+      # Configure docker to use the gcloud command-line tool as a credential helper
+      - run: |
+          # Set up docker to authenticate
+          # via gcloud command-line tool.
+          gcloud auth configure-docker
+
+      - name: Docker meta
+        id: docker_meta
+        uses: docker/metadata-action@v3
+        with:
+          images: gcr.io/k8s-staging-multitenancy/hnc-manager
+          tags: |
+            type=raw,value=multiarch-{{branch}}-${{ steps.date.outputs.HNC_BUILD_TIMESTAMP }}
+  
+      - name: Print Tags
+        run: |
+          echo "${{ steps.docker_meta.outputs.tags }}"
+          echo "RELEASE TAG: ${RELEASE_TAG}"
+
+    ## QEMU is an emulator which makes it possible to transalte instruction sets to different platforms.
+    ## In this step, we setup the driver which Docker can use to build images on different platforms
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+        with:
+          platforms: all
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
+        with:
+          version: v0.5.1
+
+
+      - name: Build & Push Image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          platforms: linux/amd64, linux/arm64, linux/arm/v7
+          tags: |
+            ${{ steps.docker_meta.outputs.tags }}
+          build-args: |
+            DBUILD_DATE=${{ steps.date.outputs.HNC_BUILD_TIMESTAMP }}
+            DBUILD_REPO_URL=https://github.com/kubernetes-sigs/hierarchical-namespaces
diff --git a/Dockerfile b/Dockerfile
index 271181bbc..42d549be3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,7 +13,7 @@ COPY cmd/ cmd/
 COPY internal/ internal/
 
 # Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager ./cmd/manager/main.go
+RUN CGO_ENABLED=0 GO111MODULE=on go build -a -o manager ./cmd/manager/main.go
 
 # Copied from kubebuilder scaffold to run as nonroot at
 # https://github.com/kubernetes-sigs/kubebuilder/blob/7af89cb00c224c57ece37dc14ea37caf1eb769db/pkg/scaffold/v2/dockerfile.go#L60
diff --git a/Makefile b/Makefile
index b1b62120c..a9b256312 100644
--- a/Makefile
+++ b/Makefile
@@ -109,6 +109,14 @@ build: generate fmt vet manifests
 	     -o bin/kubectl/kubectl-hns_darwin_amd64 \
 	     -ldflags="-X sigs.k8s.io/hierarchical-namespaces/internal/version.Version=${HNC_IMG_TAG}" \
 	     ./cmd/kubectl/main.go
+	GOOS=linux GOARCH=arm64 go build \
+	     -o bin/kubectl/kubectl-hns_linux_arm64 \
+	     -ldflags="-X sigs.k8s.io/hierarchical-namespaces/internal/version.Version=${HNC_IMG_TAG}" \
+	     ./cmd/kubectl/main.go
+	GOOS=linux GOARCH=arm go build \
+	     -o bin/kubectl/kubectl-hns_linux_arm \
+	     -ldflags="-X sigs.k8s.io/hierarchical-namespaces/internal/version.Version=${HNC_IMG_TAG}" \
+	     ./cmd/kubectl/main.go
 
 # Clean all binaries (manager and kubectl)
 clean: krew-uninstall
@@ -232,6 +240,22 @@ docker-build: generate fmt vet
 	@echo "Warning: this does not run tests. Run 'make test' to ensure tests are passing."
 	docker build . -t ${HNC_IMG}
 
+
+buildx-setup:
+	## This script needs to be run to start the emulator for multiarch builds
+	# This driver translates the instruction set to different platforms 
+	docker run --rm --privileged linuxkit/binfmt:v0.8
+	docker buildx create --use --name=qemu
+	docker buildx inspect --bootstrap
+
+
+# Build and push multi-arch image
+docker-push-multi: buildx-setup generate fmt vet
+	@echo "Warning: this does not run tests. Run 'make test' to ensure tests are passing."
+	docker buildx build \
+	--push \
+	--platform linux/arm64,linux/amd64,linux/arm/v7  --tag ${HNC_IMG} .
+
 ###################### KIND ACTIONS #########################
 
 # Creates a local kind cluster, destroying the old one if necessary.
diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml
index f3e431a78..6d251317c 100644
--- a/config/default/manager_auth_proxy_patch.yaml
+++ b/config/default/manager_auth_proxy_patch.yaml
@@ -18,7 +18,7 @@ spec:
     spec:
       containers:
       - name: kube-rbac-proxy
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
+        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
         args:
         # The value of --upstream must match the value of --metrics-addr passed
         # to the manager binary in the base config in