diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..0d959a7
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,27 @@
+ARG	TAG
+FROM    public.ecr.aws/zero-downtime/alpine-builder:$TAG
+
+ARG     ALPINE="v3.16"
+ARG     SYSROOT=/home/alpine/sysroot-aarch64
+
+USER    root
+
+# Workaround for apk fetch bug related to `g++-aarch64` name, todo
+RUN	wget https://cdn.zero-downtime.net/alpine/v3.16/kubezero/x86_64/g%2B%2B-aarch64-11.2.1_git20220219-r2.apk && \
+        apk add --no-cache g%2B%2B-aarch64-11.2.1_git20220219-r2.apk && rm -f g%2B%2B-aarch64-11.2.1_git20220219-r2.apk
+
+RUN     apk -U --no-cache add \
+	build-base-aarch64@kubezero
+	# gcc-gnat-aarch64@kubezero
+
+RUN     mkdir -p ${SYSROOT} && \
+        apk -X https://dl-cdn.alpinelinux.org/alpine/${ALPINE}/main -U --allow-untrusted --no-scripts -p ${SYSROOT} --initdb --arch aarch64 add alpine-base && \
+        apk -X https://dl-cdn.alpinelinux.org/alpine/${ALPINE}/main --arch aarch64 -p ${SYSROOT} --allow-untrusted add alpine-keys && \
+	cp /etc/apk/repositories ${SYSROOT}/etc/apk
+
+RUN     apk -U --arch aarch64 -p ${SYSROOT} add \
+        libgcc \
+	libstdc++ \
+	musl-dev
+
+USER    alpine
diff --git a/Dockerfile.stage1 b/Dockerfile.stage1
new file mode 100644
index 0000000..97b0f5b
--- /dev/null
+++ b/Dockerfile.stage1
@@ -0,0 +1,31 @@
+FROM    alpine:3.16
+ARG     ALPINE="v3.16"
+
+RUN     echo "http://dl-cdn.alpinelinux.org/alpine/${ALPINE}/main" > /etc/apk/repositories && \
+        echo "http://dl-cdn.alpinelinux.org/alpine/${ALPINE}/community" >> /etc/apk/repositories && \
+        echo "@edge-main http://dl-cdn.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \
+        echo "@edge-community http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories && \
+	echo "@kubezero https://cdn.zero-downtime.net/alpine/${ALPINE}/kubezero" >> /etc/apk/repositories && \
+	wget -q -O /etc/apk/keys/stefan@zero-downtime.net-61bb6bfb.rsa.pub https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub
+
+RUN     apk -U --no-cache upgrade && \
+        apk --no-cache add \
+        alpine-sdk \
+        lua-aports \
+        doas \
+        pigz \
+        xz
+        # gcc-gnat \
+
+RUN     adduser -D alpine && \
+        addgroup alpine abuild && \
+        echo "permit nopass :abuild" > /etc/doas.d/doas.conf && \
+        install -d -g abuild -m 775 /var/cache/distfiles && \
+        install -d -g abuild -m 775 /packages
+
+COPY    abuilder aarch64-toolchain.sh /usr/bin/
+
+WORKDIR /home/alpine
+USER    alpine
+
+ENTRYPOINT ["abuilder"]
diff --git a/aarch64-toolchain.sh b/aarch64-toolchain.sh
new file mode 100755
index 0000000..70383db
--- /dev/null
+++ b/aarch64-toolchain.sh
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+set -ex
+
+TARGET_ARCH=aarch64
+SUDO_APK=abuild-apk
+APORTS=/home/alpine/aports
+
+export CBUILDROOT="/home/alpine/sysroot-aarch64/"
+export CBUILD="x86_64-alpine-linux-musl"
+
+
+apkbuildname() {
+	local repo="${1%%/*}"
+	local pkg="${1##*/}"
+	[ "$repo" = "$1" ] && repo="main"
+	echo $APORTS/$repo/$pkg/APKBUILD
+}
+
+msg() {
+	[ -n "$quiet" ] && return 0
+	local prompt="$GREEN>>>${NORMAL}"
+	local name="${BLUE}bootstrap-${TARGET_ARCH}${NORMAL}"
+        printf "${prompt} ${name}: %s\n" "$1" >&2
+}
+
+if [ ! -d "$CBUILDROOT" ]; then
+	msg "Creating sysroot in $CBUILDROOT"
+	mkdir -p "$CBUILDROOT/etc/apk/keys"
+	# /etc/apk/keys and ~/.abuild/ can contain files with the same names.
+	# if that is the case, cp will abort copying and fail. Then on the next
+	# run of the bootstrap script, 1) the keys are not in the sysroot and 
+	# 2) the apk database is not initialized the sysroot
+	# Thus it's unusable at that point and needs to be deleted manually.
+	cp -a /etc/apk/keys/* "$CBUILDROOT/etc/apk/keys"
+	cp -a ~/.abuild/*.pub "$CBUILDROOT/etc/apk/keys"
+	${SUDO_APK} add --quiet --initdb --arch $TARGET_ARCH --root $CBUILDROOT
+fi
+
+msg "Building cross-compiler"
+
+# Build and install cross binutils (--with-sysroot)
+CTARGET=$TARGET_ARCH BOOTSTRAP=nobase APKBUILD=$(apkbuildname binutils) abuild -r
+
+if ! CHOST=$TARGET_ARCH BOOTSTRAP=nolibc APKBUILD=$(apkbuildname musl) abuild up2date 2>/dev/null; then
+        # C-library headers for target
+        CHOST=$TARGET_ARCH BOOTSTRAP=nocc APKBUILD=$(apkbuildname musl) abuild -r
+
+        # Minimal cross GCC
+        EXTRADEPENDS_HOST="musl-dev" \
+        CTARGET=$TARGET_ARCH BOOTSTRAP=nolibc APKBUILD=$(apkbuildname gcc) abuild -r
+
+        # Cross build bootstrap C-library for the target
+        EXTRADEPENDS_BUILD="gcc-pass2-$TARGET_ARCH" \
+        CHOST=$TARGET_ARCH BOOTSTRAP=nolibc APKBUILD=$(apkbuildname musl) abuild -r
+fi
+
+# Full cross GCC
+EXTRADEPENDS_TARGET="musl musl-dev" \
+CTARGET=$TARGET_ARCH BOOTSTRAP=nobase APKBUILD=$(apkbuildname gcc) abuild -r
+
+# Cross build-base
+CTARGET=$TARGET_ARCH BOOTSTRAP=nobase APKBUILD=$(apkbuildname build-base) abuild -r
+
+msg "Copying cross toolchain packages into kubezero repository"
+cp packages/main/x86_64/* packages/kubezero/x86_64 && rm packages/kubezero/x86_64/gcc-pass2-aarch64-*.apk
+cd packages/kubezero/x86_64 && apk index -o APKINDEX.tar.gz *.apk && abuild-sign APKINDEX.tar.gz
diff --git a/abuilder b/abuilder
new file mode 100755
index 0000000..b42efc9
--- /dev/null
+++ b/abuilder
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -ex
+
+if [ -d  ~/.abuild ]; then
+  doas cp ~/.abuild/*.rsa.pub /etc/apk/keys/
+fi
+
+doas chown -R alpine:abuild ~/packages /var/cache/distfiles ~/aports
+doas apk update
+
+if [ "$1" == 'debug' ]; then
+  sh
+
+elif [ "$1" == 'aarch64-toolchain' ]; then
+  aarch64-toolchain.sh
+
+else
+  # Set ENV for cross compile for aarch64
+  if [ "$2" == "aarch64" ]; then
+    TARGET_ARCH=aarch64
+    SUDO_APK=abuild-apk
+    APORTS=/home/alpine/aports
+
+    export CBUILDROOT="/home/alpine/sysroot-aarch64/"
+    . /usr/share/abuild/functions.sh
+    export CBUILD
+
+    export CHOST=$TARGET_ARCH
+    export GOARCH=arm64
+    export GOOS=linux
+  fi
+
+  for pkg in ~/$1; do
+    doas chown -R alpine:abuild $(dirname $pkg)
+
+    # If checksum is OK, build package
+    APKBUILD=$pkg abuild verify && rc=$? || rc=$?
+    if [ $rc -eq 0 ]; then
+      APKBUILD=$pkg abuild -r
+
+    else
+      APKBUILD=$pkg abuild checksum
+      echo "Please update your APKBUILD with the following checksums after verification:"
+      . $pkg/APKBUILD && echo $sha512sums
+    fi
+  done
+fi
diff --git a/kubezero/openvpn_exporter/APKBUILD b/kubezero/openvpn_exporter/APKBUILD
index 5e2e20b..e620897 100644
--- a/kubezero/openvpn_exporter/APKBUILD
+++ b/kubezero/openvpn_exporter/APKBUILD
@@ -16,7 +16,7 @@ build() {
 }
 
 package() {
-	install -Dm755 build/openvpn_exporter "$pkgdir"/usr/bin/openvpn_exporter
+  install -Dm755 build/openvpn_exporter "$pkgdir"/usr/bin/openvpn_exporter
 }
 
 sha512sums="