diff --git a/README.md b/README.md
index 5c2ba5372af..0f6462255b6 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ its upstream quay.io source.
 GCP Cloud Build watches this branch.  On every push, it runs the pipeline
 defined in [build/cloudbuild_kube-rbac-proxy.yaml][cloudbuild-file], which
 grabs the source images from `quay.io/brancz/kube-rbac-proxy` and tags them as
-`gcr.io/kubebuilder/kube-rbac-proxy`, with a tag for each arch as well as
+`gcr.io/k8s-staging-kubebuilder/kube-rbac-proxy`, with a tag for each arch as well as
 a single manifest bundle of:
 
 - amd64
@@ -21,7 +21,15 @@ a single manifest bundle of:
 - ppc64le
 - s390x
 
-There's also a helper script in [build/thirdparty](build/thirdparty) to assist in the process.
+Then, once the image be build it should be promoted via https://github.com/kubernetes/k8s.io/blob/main/k8s.gcr.io/images/k8s-staging-kubebuilder/images.yaml
+and once this gets merged, the images will be available on registry.k8s.io/kubebuilder/image. This Cloudbuild
+manifest is started via prow in https://github.com/kubernetes/test-infra/tree/master/config/jobs/image-pushing.
+
+**NOTE** Previously, the images were rebuilt as gcr.io/kubebuilder/kube-rbac-proxy. The job
+to trigger them were present [here](https://console.cloud.google.com/gcr/images/kubebuilder/global/kube-rbac-proxy)
+which has been kept as legacy until we be able to ensure the transition to the new
+k8s registry.
+
 
 To update, simply update the variable at the top of the [cloudbuild file][cloudbuild-file], 
 then submit a PR against this branch.
diff --git a/build-legacy/build.sh b/build-legacy/build.sh
new file mode 100755
index 00000000000..63dceae6f2e
--- /dev/null
+++ b/build-legacy/build.sh
@@ -0,0 +1,50 @@
+#  Copyright 2021 The Kubernetes Authors.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+#!/usr/bin/env bash
+
+# This script effectively retags the quay.io/brancz/kube-rbac-proxy image
+# as a grc.io/kubebuilder registry image and pushes it (and all constituent images).
+# This script cannot be inlined due to:
+# https://github.com/GoogleCloudPlatform/cloud-build-local/issues/129
+
+set -eu
+
+SOURCE_IMAGE_TAG="quay.io/brancz/kube-rbac-proxy:${KUBE_RBAC_PROXY_VERSION}"
+TARGET_IMAGE_TAG="gcr.io/kubebuilder/kube-rbac-proxy:${KUBE_RBAC_PROXY_VERSION}"
+
+# Each arch to pull an image for.
+declare ARCHES
+ARCHES=( amd64 arm64 ppc64le s390x )
+
+declare IMAGES
+for a in ${ARCHES[@]}; do
+  docker pull "${SOURCE_IMAGE_TAG}-$a"
+  docker tag "${SOURCE_IMAGE_TAG}-$a" "${TARGET_IMAGE_TAG}-$a"
+  # These images must exist remotely to build a manifest list.
+  docker push "${TARGET_IMAGE_TAG}-$a"
+  # weird syntax for bash<4.4
+  IMAGES=( ${IMAGES[@]+"${IMAGES[@]}"} "${TARGET_IMAGE_TAG}-$a" )
+done
+
+# `manifest` is an experimental CLI feature.
+export DOCKER_CLI_EXPERIMENTAL=enabled
+
+# If $TARGET_IMAGE_TAG exists, `manifest create` will fail.
+docker manifest rm "$TARGET_IMAGE_TAG" || true
+docker manifest create "$TARGET_IMAGE_TAG" ${IMAGES[@]}
+for a in ${ARCHES[@]}; do
+  docker manifest annotate "$TARGET_IMAGE_TAG" "${TARGET_IMAGE_TAG}-$a" --arch $a
+done
+docker manifest push "$TARGET_IMAGE_TAG"
diff --git a/build-legacy/cloudbuild_kube-rbac-proxy.yaml b/build-legacy/cloudbuild_kube-rbac-proxy.yaml
new file mode 100644
index 00000000000..fa3ccac4696
--- /dev/null
+++ b/build-legacy/cloudbuild_kube-rbac-proxy.yaml
@@ -0,0 +1,24 @@
+#  Copyright 2021 The Kubernetes Authors.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+substitutions:
+  # This is the kube-rbac-proxy version, source image tags for which must exist remotely.
+  _KUBE_RBAC_PROXY_VERSION: v0.14.1
+steps:
+- name: "gcr.io/cloud-builders/docker"
+  env:
+  - "KUBE_RBAC_PROXY_VERSION=${_KUBE_RBAC_PROXY_VERSION}"
+  entrypoint: "/usr/bin/env"
+  args: ["bash", "-c", "./build-legacy/build.sh"]
+images: ["gcr.io/kubebuilder/kube-rbac-proxy:${_KUBE_RBAC_PROXY_VERSION}"]
diff --git a/build/build.sh b/build/build.sh
index 63dceae6f2e..5141c069e5c 100755
--- a/build/build.sh
+++ b/build/build.sh
@@ -22,7 +22,7 @@
 set -eu
 
 SOURCE_IMAGE_TAG="quay.io/brancz/kube-rbac-proxy:${KUBE_RBAC_PROXY_VERSION}"
-TARGET_IMAGE_TAG="gcr.io/kubebuilder/kube-rbac-proxy:${KUBE_RBAC_PROXY_VERSION}"
+TARGET_IMAGE_TAG="gcr.io/k8s-staging-kubebuilder/kube-rbac-proxy:${KUBE_RBAC_PROXY_VERSION}"
 
 # Each arch to pull an image for.
 declare ARCHES
diff --git a/build/cloudbuild_kube-rbac-proxy.yaml b/build/cloudbuild_kube-rbac-proxy.yaml
index d765d20e7e8..1e734b57cca 100644
--- a/build/cloudbuild_kube-rbac-proxy.yaml
+++ b/build/cloudbuild_kube-rbac-proxy.yaml
@@ -16,9 +16,14 @@ substitutions:
   # This is the kube-rbac-proxy version, source image tags for which must exist remotely.
   _KUBE_RBAC_PROXY_VERSION: v0.14.1
 steps:
-- name: "gcr.io/cloud-builders/docker"
+- name: 'gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20211118-2f2d816b90'
   env:
   - "KUBE_RBAC_PROXY_VERSION=${_KUBE_RBAC_PROXY_VERSION}"
   entrypoint: "/usr/bin/env"
-  args: ["bash", "-c", "./build/build.sh"]
-images: ["gcr.io/kubebuilder/kube-rbac-proxy:${_KUBE_RBAC_PROXY_VERSION}"]
+  args:
+    - bash
+    - -c
+    - |
+      gcloud auth configure-docker \
+      && ./build/build.sh
+images: ["gcr.io/k8s-staging-kubebuilder/kube-rbac-proxy:${_KUBE_RBAC_PROXY_VERSION}"]