diff --git a/.github/Dockerfile-release b/.github/Dockerfile-release
index 5a3615f4a..ab1d2380c 100644
--- a/.github/Dockerfile-release
+++ b/.github/Dockerfile-release
@@ -1,7 +1,9 @@
+ARG ARCH
+
 FROM busybox:latest as build
 RUN touch /config.yaml
 
-FROM gcr.io/distroless/base
+FROM gcr.io/distroless/base-debian10:latest-${ARCH}
 ENV AUTOCERT_DIR /data/autocert
 WORKDIR /pomerium
 COPY pomerium* /bin/
diff --git a/.github/Dockerfile-release.arm32v6 b/.github/Dockerfile-release.arm32v6
deleted file mode 100644
index f695f051e..000000000
--- a/.github/Dockerfile-release.arm32v6
+++ /dev/null
@@ -1,12 +0,0 @@
-FROM busybox:latest as build
-RUN touch /config.yaml
-
-FROM arm32v7/alpine
-ENV AUTOCERT_DIR /data/autocert
-WORKDIR /pomerium
-COPY --from=multiarch/qemu-user-static /usr/bin/qemu-aarch64-static /usr/bin/
-RUN apk --no-cache add ca-certificates
-COPY pomerium* /bin/
-COPY --from=build /config.yaml /pomerium/config.yaml
-ENTRYPOINT [ "/bin/pomerium" ]
-CMD ["-config","/pomerium/config.yaml"]
diff --git a/.github/Dockerfile-release.arm32v7 b/.github/Dockerfile-release.arm32v7
deleted file mode 100644
index f695f051e..000000000
--- a/.github/Dockerfile-release.arm32v7
+++ /dev/null
@@ -1,12 +0,0 @@
-FROM busybox:latest as build
-RUN touch /config.yaml
-
-FROM arm32v7/alpine
-ENV AUTOCERT_DIR /data/autocert
-WORKDIR /pomerium
-COPY --from=multiarch/qemu-user-static /usr/bin/qemu-aarch64-static /usr/bin/
-RUN apk --no-cache add ca-certificates
-COPY pomerium* /bin/
-COPY --from=build /config.yaml /pomerium/config.yaml
-ENTRYPOINT [ "/bin/pomerium" ]
-CMD ["-config","/pomerium/config.yaml"]
diff --git a/.github/Dockerfile-release.arm64v8 b/.github/Dockerfile-release.arm64v8
deleted file mode 100644
index 75e8e500a..000000000
--- a/.github/Dockerfile-release.arm64v8
+++ /dev/null
@@ -1,12 +0,0 @@
-FROM busybox:latest as build
-RUN touch /config.yaml
-
-FROM arm64v8/alpine
-ENV AUTOCERT_DIR /data/autocert
-WORKDIR /pomerium
-COPY --from=multiarch/qemu-user-static /usr/bin/qemu-aarch64-static /usr/bin/
-RUN apk --no-cache add ca-certificates
-COPY pomerium* /bin/
-COPY --from=build /config.yaml /pomerium/config.yaml
-ENTRYPOINT [ "/bin/pomerium" ]
-CMD ["-config","/pomerium/config.yaml"]
diff --git a/.github/goreleaser.yaml b/.github/goreleaser.yaml
index 1fd4861b2..49ed5b955 100644
--- a/.github/goreleaser.yaml
+++ b/.github/goreleaser.yaml
@@ -101,13 +101,14 @@ snapshot:
 
 dockers:
   - image_templates:
-      - "pomerium/pomerium:{{ .Tag }}"
+      - "pomerium/pomerium:amd64-{{ .Tag }}"
     dockerfile: .github/Dockerfile-release
     binaries:
       - pomerium
       - pomerium-cli
     build_flag_templates:
       - "--pull"
+      - "--build-arg=ARCH=amd64"
       - "--label=org.opencontainers.image.created={{.Date}}"
       - "--label=org.opencontainers.image.name={{.ProjectName}}"
       - "--label=org.opencontainers.image.revision={{.FullCommit}}"
@@ -134,12 +135,13 @@ dockers:
   - goarch: arm64
     image_templates:
       - "pomerium/pomerium:arm64v8-{{ .Tag }}"
-    dockerfile: .github/Dockerfile-release.arm64v8
+    dockerfile: .github/Dockerfile-release
     binaries:
       - pomerium
       - pomerium-cli
     build_flag_templates:
       - "--pull"
+      - "--build-arg=ARCH=arm64"
       - "--label=org.opencontainers.image.created={{.Date}}"
       - "--label=org.opencontainers.image.name={{.ProjectName}}"
       - "--label=org.opencontainers.image.revision={{.FullCommit}}"
@@ -148,6 +150,12 @@ dockers:
       - "--label=repository=http://github.com/pomerium/pomerium"
       - "--label=homepage=http://www.pomerium.io"
 
+docker_manifests:
+  - name_template: "pomerium/pomerium:{{ .Tag }}"
+    image_templates:
+      - pomerium/pomerium:arm64v8-{{ .Tag }}
+      - pomerium/pomerium:amd64-{{ .Tag }}
+
 brews:
   - # Name template of the recipe
     name: pomerium-cli
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 35735f40e..7b206f1d1 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -8,11 +8,15 @@ on:
 jobs:
   goreleaser:
     runs-on: ubuntu-latest
+    env:
+      DOCKER_CLI_EXPERIMENTAL: "enabled"
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+
       - name: Unshallow
         run: git fetch --prune --unshallow
+
       - name: Set up Go
         uses: actions/setup-go@v2
         with:
diff --git a/docs/docs/upgrading.md b/docs/docs/upgrading.md
index c364bf281..7acc0f12f 100644
--- a/docs/docs/upgrading.md
+++ b/docs/docs/upgrading.md
@@ -18,6 +18,12 @@ With the v0.11.0 release, user impersonation by administrators is now disabled b
 
 The `cache_service_url` parameter has been deprecated since v0.10.0 and is now removed.  Please replace it with `databroker_service_url` in your yaml configuration, or `DATABROKER_SERVICE_URL` as an environment variable.
 
+## New
+
+### Docker Multi-Arch Images
+
+With the v0.11.0 release, Pomerium docker images are multi-arch for `arm64` and `amd64`.  Individual images for each architecture will continue to be published.
+
 # Since 0.9.0
 
 ## Breaking