diff --git a/.github/workflows/build-and-upload.yml b/.github/workflows/build-and-upload.yml index 592718440..dced94f25 100644 --- a/.github/workflows/build-and-upload.yml +++ b/.github/workflows/build-and-upload.yml @@ -9,6 +9,8 @@ env: ECR_OPERATOR_RELEASE_IMAGE: ${{ vars.ECR_OPERATOR_RELEASE_IMAGE }} ECR_TARGET_ALLOCATOR_STAGING_REPO: ${{ vars.ECR_TARGET_ALLOCATOR_STAGING_REPO }} ECR_TARGET_ALLOCATOR_RELEASE_REPO: ${{ vars.ECR_TARGET_ALLOCATOR_RELEASE_REPO }} + PLATFORMS: linux/amd64,linux/arm64 + GOPROXY: direct on: workflow_call: @@ -61,7 +63,6 @@ jobs: ref: ${{ inputs.target-sha }} repository: ${{inputs.repository}} - - name: Set up Go 1.x uses: actions/setup-go@v4 with: @@ -87,6 +88,15 @@ jobs: if: steps.cached_binaries.outputs.cache-hit == false uses: docker/setup-qemu-action@v1 + - name: Build Binaries + run: | + go mod download + for platform in $(echo $PLATFORMS | tr "," "\n"); do + arch=${platform#*/} + echo "Building operator for $arch" + make manager ARCH=$arch + done + - name: Build Cloudwatch Agent Operator Image and push to ECR uses: docker/build-push-action@v4 if: steps.cached_binaries.outputs.cache-hit == false @@ -94,7 +104,7 @@ jobs: file: ./Dockerfile context: . push: true - platforms: linux/amd64, linux/arm64 + platforms: ${{ env.PLATFORMS }} tags: | ${{ env.ECR_OPERATOR_STAGING_REPO }}:${{ inputs.tag }} ${{ env.ECR_OPERATOR_STAGING_REPO }}:${{ inputs.target-sha }} @@ -152,7 +162,7 @@ jobs: tags: | ${{ env.ECR_TARGET_ALLOCATOR_STAGING_REPO }}:${{ inputs.tag }} ${{ env.ECR_TARGET_ALLOCATOR_STAGING_REPO }}:${{ inputs.target-sha }} - platforms: linux/amd64, linux/arm64 + platforms: ${{ env.PLATFORMS }} bypass-info: if: ${{ inputs.e2e-test-bypass-link != '' || inputs.e2e-test-bypass-approver != '' }} 
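Review bot: `GOPROXY: direct` sits in the workflow-level `env:` block, so it applies to every `go` invocation in every job rather than only to the operator build it was moved from (`ENV GOPROXY direct` in the old Dockerfile), and it has no comment explaining why. With the module proxy bypassed, dependency integrity rests on `go.sum` and the checksum database alone. A comment should record that, e.g. `# direct: fetch modules from their origin VCS; integrity relies on go.sum/GOSUMDB, do not combine with GOSUMDB=off or GONOSUMDB`. If only the Build Binaries step needs the setting, putting it in that step's own `env:` would narrow its reach.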
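Review bot: The new `Build Binaries` step has no `if: steps.cached_binaries.outputs.cache-hit == false` guard, although the QEMU step before it and the image build after it both carry one, so it compiles on every run even when the image steps are skipped; add the same `if:` line unless that is intended. The loop expands `$PLATFORMS` and `$arch` unquoted, which is harmless for the fixed value in `env:`, but `echo "$PLATFORMS"` and `make manager ARCH="$arch"` would stop a later edit of the variable from splitting into extra make arguments. Each iteration runs `make manager`, whose prerequisites in the Makefile are `generate fmt vet`, so the released binary is compiled from a tree those targets may have rewritten; whether they change files in CI is not visible in this diff.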
@@ -203,4 +213,4 @@ jobs:
 run: |
 docker buildx imagetools create \
 -t ${{ env.ECR_OPERATOR_RELEASE_IMAGE }} \
- ${{ env.ECR_OPERATOR_STAGING_REPO }}:${{ inputs.tag }}
\ No newline at end of file
+ ${{ env.ECR_OPERATOR_STAGING_REPO }}:${{ inputs.tag }}
diff --git a/Dockerfile b/Dockerfile
index 7bf26e26b..c7e8db94e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,45 +1,21 @@ -# Build the manager binary -FROM golang:1.22 as builder - -# set goproxy=direct -ENV GOPROXY direct - -WORKDIR /workspace -# Copy the Go Modules manifests -COPY go.mod go.mod -COPY go.sum go.sum -# cache deps before building and copying source so that we don't need to re-download as much -# and so that source changes don't invalidate our downloaded layer -RUN go mod download - -# Copy the go source -COPY main.go main.go -COPY apis/ apis/ -COPY controllers/ controllers/ -COPY internal/ internal/ -COPY pkg/ pkg/ -COPY versions.txt versions.txt - -ARG VERSION_PKG -ARG VERSION -ARG VERSION_DATE -ARG AGENT_VERSION -ARG AUTO_INSTRUMENTATION_JAVA_VERSION -ARG AUTO_INSTRUMENTATION_PYTHON_VERSION -ARG AUTO_INSTRUMENTATION_DOTNET_VERSION -ARG AUTO_INSTRUMENTATION_NODEJS_VERSION -ARG DCMG_EXPORTER_VERSION -ARG NEURON_MONITOR_VERSION -ARG TARGET_ALLOCATOR_VERSION - -# Build -RUN CGO_ENABLED=0 GOOS=linux GO111MODULE=on go build -ldflags="-X ${VERSION_PKG}.version=${VERSION} -X ${VERSION_PKG}.buildDate=${VERSION_DATE} -X ${VERSION_PKG}.agent=${AGENT_VERSION} -X ${VERSION_PKG}.autoInstrumentationJava=${AUTO_INSTRUMENTATION_JAVA_VERSION} -X ${VERSION_PKG}.autoInstrumentationPython=${AUTO_INSTRUMENTATION_PYTHON_VERSION} -X ${VERSION_PKG}.autoInstrumentationDotNet=${AUTO_INSTRUMENTATION_DOTNET_VERSION} -X ${VERSION_PKG}.autoInstrumentationNodeJS=${AUTO_INSTRUMENTATION_NODEJS_VERSION} -X ${VERSION_PKG}.dcgmExporter=${DCMG_EXPORTER_VERSION} -X ${VERSION_PKG}.neuronMonitor=${NEURON_MONITOR_VERSION} -X ${VERSION_PKG}.targetAllocator=${TARGET_ALLOCATOR_VERSION}" -a -o manager main.go - -# Use distroless as minimal base image to package the manager binary -# Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM gcr.io/distroless/static:nonroot +# Get CA certificates from alpine package repo +FROM alpine:3.21 as certificates + +RUN apk --no-cache add ca-certificates + +######## Start a new stage from scratch ####### +FROM scratch + +ARG 
TARGETARCH + WORKDIR / -COPY --from=builder /workspace/manager . + +# Copy the certs from Alpine +COPY --from=certificates /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt + +# Copy binary built on the host +COPY bin/manager_${TARGETARCH} manager + USER 65532:65532 ENTRYPOINT ["/manager"] \ No newline at end of file diff --git a/Makefile b/Makefile index 07c5f0ea1..42641f900 100644 --- a/Makefile +++ b/Makefile @@ -10,6 +10,7 @@ AUTO_INSTRUMENTATION_NODEJS_VERSION ?= "$(shell grep -v '\#' versions.txt | grep DCGM_EXPORTER_VERSION ?= "$(shell grep -v '\#' versions.txt | grep dcgm-exporter | awk -F= '{print $$2}')" NEURON_MONITOR_VERSION ?= "$(shell grep -v '\#' versions.txt | grep neuron-monitor | awk -F= '{print $$2}')" TARGET_ALLOCATOR_VERSION ?= "$(shell grep -v '\#' versions.txt | grep target-allocator | awk -F= '{print $$2}')" +OPERATOR_LDFLAGS ?= -X ${VERSION_PKG}.version=${VERSION} -X ${VERSION_PKG}.buildDate=${VERSION_DATE} -X ${VERSION_PKG}.agent=${AGENT_VERSION} -X ${VERSION_PKG}.autoInstrumentationJava=${AUTO_INSTRUMENTATION_JAVA_VERSION} -X ${VERSION_PKG}.autoInstrumentationPython=${AUTO_INSTRUMENTATION_PYTHON_VERSION} -X ${VERSION_PKG}.autoInstrumentationDotNet=${AUTO_INSTRUMENTATION_DOTNET_VERSION} -X ${VERSION_PKG}.autoInstrumentationNodeJS=${AUTO_INSTRUMENTATION_NODEJS_VERSION} -X ${VERSION_PKG}.dcgmExporter=${DCMG_EXPORTER_VERSION} -X ${VERSION_PKG}.neuronMonitor=${NEURON_MONITOR_VERSION} -X ${VERSION_PKG}.targetAllocator=${TARGET_ALLOCATOR_VERSION} # Image URL to use all building/pushing image targets IMG_PREFIX ?= aws 
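Review bot: The final image now takes its only executable from the build context (`COPY bin/manager_${TARGETARCH} manager`), so it ships whatever file is at that path when the build runs, compiled by the host's Go toolchain rather than the `golang:1.22` stage this replaces. The comment above the COPY should name the producer, e.g. `# bin/manager_<arch> must be produced by 'make manager ARCH=<arch>' immediately before this build`. The CA bundle copied from the `certificates` stage is the trust root for the manager's outbound TLS, and `alpine:3.21` is a mutable tag; `FROM alpine:3.21@sha256:<digest> AS certificates` (digest is a placeholder) would fix its origin, and the same applies to the `FROM alpine:3.21` line in cmd/amazon-cloudwatch-agent-target-allocator/Dockerfile. Moving from `distroless/static:nonroot` to `scratch` also drops files the distroless base supplied, such as `/etc/passwd` and time-zone data; whether the manager depends on them is not visible in this diff.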
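Review bot: `OPERATOR_LDFLAGS` reads `${DCMG_EXPORTER_VERSION}`, but the variable defined three lines above is `DCGM_EXPORTER_VERSION`. Unless the misspelled name happens to be set in the environment, make expands it to an empty string and the binary is linked with an empty `dcgmExporter` version. The removed Dockerfile used the same spelling in its `ARG`, so this looks carried over rather than new; the fix is `-X ${VERSION_PKG}.dcgmExporter=${DCGM_EXPORTER_VERSION}`. The version variables above are assigned with literal double quotes around `$(shell …)` and the `manager` recipe wraps the whole string in `-ldflags "…"`, so a value containing a space would split the argument, which deserves a comment next to this definition.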
@@ -101,11 +102,11 @@ test: generate fmt vet envtest # Build manager binary .PHONY: manager manager: generate fmt vet - go build -o bin/manager main.go + CGO_ENABLED=0 GOOS=linux GO111MODULE=on GOARCH=$(ARCH) go build -o bin/manager_${ARCH} -ldflags "${OPERATOR_LDFLAGS}" main.go # Build target allocator binary .PHONY: targetallocator targetallocator: - cd cmd/amazon-cloudwatch-agent-target-allocator && CGO_ENABLED=0 GOOS=$(GOOS) GOARCH=$(ARCH) go build -installsuffix cgo -o bin/targetallocator_${ARCH} -ldflags "${LDFLAGS}" . + cd cmd/amazon-cloudwatch-agent-target-allocator && CGO_ENABLED=0 GOOS=$(GOOS) GOARCH=$(ARCH) go build -installsuffix cgo -o bin/targetallocator_${ARCH} -ldflags "${LDFLAGS}" . # Run against the configured Kubernetes cluster in ~/.kube/config .PHONY: run @@ -164,7 +165,7 @@ generate: controller-gen api-docs # Build the container image, used only for local dev purposes # buildx is used to ensure same results for arm based systems (m1/2 chips) .PHONY: container -container: +container: manager docker buildx build --load --platform linux/${ARCH} -t ${IMG} --build-arg VERSION_PKG=${VERSION_PKG} --build-arg VERSION=${VERSION} --build-arg VERSION_DATE=${VERSION_DATE} --build-arg AGENT_VERSION=${AGENT_VERSION} --build-arg AUTO_INSTRUMENTATION_JAVA_VERSION=${AUTO_INSTRUMENTATION_JAVA_VERSION} --build-arg AUTO_INSTRUMENTATION_PYTHON_VERSION=${AUTO_INSTRUMENTATION_PYTHON_VERSION} --build-arg AUTO_INSTRUMENTATION_DOTNET_VERSION=${AUTO_INSTRUMENTATION_DOTNET_VERSION} --build-arg AUTO_INSTRUMENTATION_NODEJS_VERSION=${AUTO_INSTRUMENTATION_NODEJS_VERSION} --build-arg DCGM_EXPORTER_VERSION=${DCGM_EXPORTER_VERSION} --build-arg NEURON_MONITOR_VERSION=${NEURON_MONITOR_VERSION} --build-arg TARGET_ALLOCATOR_VERSION=${TARGET_ALLOCATOR_VERSION} . # Push the container image, used only for local dev purposes 
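Review bot: The `manager` recipe now produces the release binary on the build host, yet its `go build` line has no `-trimpath`. The runner's absolute checkout path is therefore embedded in the shipped executable, and identical sources built in different directories yield different bytes. `go build -trimpath -o bin/manager_${ARCH} -ldflags "${OPERATOR_LDFLAGS}" main.go` would remove that. The removed Dockerfile build also passed `-a`, which this line drops; restore it if forcing a full rebuild mattered.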
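Review bot: The `docker buildx build` line under `container:` still forwards eleven `--build-arg` values, but the rewritten root Dockerfile declares only `ARG TARGETARCH`, so none of them reach the binary any more. Version stamping now happens solely through `OPERATOR_LDFLAGS` in the `manager` prerequisite. Either drop the unused `--build-arg` flags or add a comment such as `# version values are linked in by 'make manager'; the Dockerfile takes no build args`, so nobody assumes that overriding them here changes the image.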
@@ -192,7 +193,7 @@ kustomize: ## Download kustomize locally if necessary. .PHONY: controller-gen controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. $(CONTROLLER_GEN): $(LOCALBIN) - test -s $(LOCALBIN)/controller-gen && $(LOCALBIN)/controller-gen --version | grep -q $(CONTROLLER_TOOLS_VERSION) || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION) + GOBIN=$(LOCALBIN) $(call go-get-tool,$(CONTROLLER_GEN), sigs.k8s.io/controller-tools/cmd/controller-gen,$(CONTROLLER_TOOLS_VERSION)) .PHONY: goimports goimports: diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/Dockerfile b/cmd/amazon-cloudwatch-agent-target-allocator/Dockerfile index 1a2b9b7a2..4015c4e74 100644 --- a/cmd/amazon-cloudwatch-agent-target-allocator/Dockerfile +++ b/cmd/amazon-cloudwatch-agent-target-allocator/Dockerfile @@ -1,5 +1,5 @@ -# Get CA certificates from the Alpine package repo -FROM alpine:3.18 as certificates +# Get CA certificates from alpine package repo +FROM alpine:3.21 as certificates RUN apk --no-cache add ca-certificates @@ -16,4 +16,6 @@ COPY --from=certificates /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-ce # Copy binary built on the host COPY bin/targetallocator_${TARGETARCH} ./main +USER 65532:65532 + ENTRYPOINT ["./main"]
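Review bot: The removed recipe reinstalled controller-gen whenever `controller-gen --version` did not match `$(CONTROLLER_TOOLS_VERSION)`, and the replacement leaves that to `go-get-tool`, whose definition is outside this hunk. Whether a stale binary in `$(LOCALBIN)` is still replaced after a version bump therefore cannot be confirmed from here and should be stated in a comment on this rule. The second argument is written `, sigs.k8s.io/…` with a space after the comma, and GNU make keeps leading whitespace in `call` arguments, so `$(2)` starts with a space; write `$(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen,$(CONTROLLER_TOOLS_VERSION))`. The `GOBIN=$(LOCALBIN)` prefix only takes effect if the macro expands to a single simple command, which also depends on the macro body.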