diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 5406a94f..2daedfa3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -51,3 +51,5 @@ jobs:
 env:
 GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ - name: Update krew-index
+ uses: rajatjindal/krew-release-bot@v0.0.46
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 02a3adc5..af4a05b8 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -48,7 +48,7 @@ dockers:
 - "ghcr.io/google/{{ .ProjectName }}:{{ .ShortCommit }}"
 archives:
 - format: zip
- name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
+ name_template: "{{ .ProjectName }}_{{ .Tag }}_{{ .Os }}_{{ .Arch }}"
 builds:
 - gke-policy
 files:
@@ -56,7 +56,7 @@ archives:
 - README*
 - CHANGELOG*
 checksum:
- name_template: "{{ .ProjectName }}_{{ .Version }}_SHA256SUMS"
+ name_template: "{{ .ProjectName }}_{{ .Tag }}_SHA256SUMS"
 algorithm: sha256
 signs:
 - artifacts: checksum
diff --git a/.krew.yaml b/.krew.yaml
new file mode 100644
index 00000000..1dfd2f3c
--- /dev/null
+++ b/.krew.yaml
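Review bot: The new `Update krew-index` step in `.github/workflows/release.yml` references a third-party action by a mutable tag, `rajatjindal/krew-release-bot@v0.0.46`, in the same job as the step that is handed `GITHUB_TOKEN` and the imported GPG key's fingerprint. A tag can later be moved to different code, so pin the action to a full commit SHA and keep the version as a comment: `uses: rajatjindal/krew-release-bot@<full-commit-sha-placeholder> # v0.0.46`. The step appears to be appended to the signing job, whose beginning is outside the hunk. If the GPG key is still in the runner's keyring at that point, moving this step into its own job with only the permissions it needs would keep third-party code away from the signing material.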
@@ -0,0 +1,58 @@
+apiVersion: krew.googlecontainertools.github.com/v1alpha2
+kind: Plugin
+metadata:
+ name: gke-policy
+spec:
+ shortDescription: Validates GKE clusters configuration
+ homepage: https://github.com/google/gke-policy-automation
+ description: |
+ Tool and policy library for validating Google Kubernetes Engine clusters
+ against the configuration best practices and scalability limits.
+ caveats: |
+ The plugin requires Google Cloud credentials to work.
+ Use "gcloud auth application-default login" command to authenticate or
+ specify credentials file as an argument.
+ version: {{ .TagName }}
+ platforms:
+ - bin: gke-policy
+ selector:
+ matchLabels:
+ os: linux
+ arch: arm
+ {{addURIAndSha "https://github.com/google/gke-policy-automation/releases/download/{{ .TagName }}/gke-policy-automation_{{ .TagName }}_linux_arm.zip" .TagName }}
+ - bin: gke-policy
+ selector:
+ matchLabels:
+ os: linux
+ arch: amd64
+ {{addURIAndSha "https://github.com/google/gke-policy-automation/releases/download/{{ .TagName }}/gke-policy-automation_{{ .TagName }}_linux_amd64.zip" .TagName }}
+ - bin: gke-policy
+ selector:
+ matchLabels:
+ os: linux
+ arch: arm64
+ {{addURIAndSha "https://github.com/google/gke-policy-automation/releases/download/{{ .TagName }}/gke-policy-automation_{{ .TagName }}_linux_arm64.zip" .TagName }}
+ - bin: gke-policy.exe
+ selector:
+ matchLabels:
+ os: windows
+ arch: 386
+ {{addURIAndSha "https://github.com/google/gke-policy-automation/releases/download/{{ .TagName }}/gke-policy-automation_{{ .TagName }}_windows_386.zip" .TagName }}
+ - bin: gke-policy.exe
+ selector:
+ matchLabels:
+ os: windows
+ arch: amd64
+ {{addURIAndSha "https://github.com/google/gke-policy-automation/releases/download/{{ .TagName }}/gke-policy-automation_{{ .TagName }}_windows_amd64.zip" .TagName }}
+ - bin: gke-policy
+ selector:
+ matchLabels:
+ os: darwin
+ arch: amd64
+ {{addURIAndSha "https://github.com/google/gke-policy-automation/releases/download/{{ .TagName 
}}/gke-policy-automation_{{ .TagName }}_darwin_amd64.zip" .TagName }} + - bin: gke-policy + selector: + matchLabels: + os: darwin + arch: arm64 + {{addURIAndSha "https://github.com/google/gke-policy-automation/releases/download/{{ .TagName }}/gke-policy-automation_{{ .TagName }}_darwin_arm64.zip" .TagName }} diff --git a/README.md b/README.md index 1aa21ec4..05594e8b 100644 --- a/README.md +++ b/README.md @@ -49,6 +49,15 @@ docker run --rm ghcr.io/google/gke-policy-automation check \ -project my-project -location europe-west2 -name my-cluster ``` +### Krew + +The GKE Policy Automation is available as a [Krew](https://krew.sigs.k8s.io) plugin. + +```sh +kubectl krew install gke-policy +kubectl gke-policy check --discovery -p my-project +``` + ### Binary Binaries for Linux, Windows and Mac are available as tarballs in the diff --git a/scripts/license_header_check.py b/scripts/license_header_check.py index 00a91d3c..cdfb9de0 100644 --- a/scripts/license_header_check.py +++ b/scripts/license_header_check.py @@ -28,13 +28,13 @@ _EXCLUDE_DIRS = ('.git', '.terraform') _EXCLUDE_RE = re.compile(r'# skip boilerplate check') +_EXCLUDE_FILES = {".krew.yaml"} _MATCH_FILES = ('Dockerfile', '.py', '.sh', '.tf', '.yaml', '.yml', '.go', '.rego') _MATCH_STRING = (r'^\s*([#\*]|[/]{2})\sCopyright [0-9]{4} Google LLC$\s+([#\*]|[/]{2})\s+' r'([#\*]|[/]{2})\sLicensed under the Apache License, Version 2.0 ' r'\(the "License"\);\s+') _MATCH_RE = re.compile(_MATCH_STRING, re.M) - def main(base_dirs): "Cycle through files in base_dirs and check for the Apache 2.0 boilerplate." errors, warnings = [], [] @@ -45,6 +45,9 @@ def main(base_dirs): if fname in _MATCH_FILES or os.path.splitext(fname)[1] in _MATCH_FILES: fpath = os.path.abspath(os.path.join(root, fname)) content = open(fpath).read() + relPath = os.path.relpath(fpath, dir) + if relPath in _EXCLUDE_FILES: + continue if _EXCLUDE_RE.search(content): continue try:
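Review bot: In `.krew.yaml`, the windows/386 platform entry writes `arch: 386` unquoted, which YAML parses as an integer although `matchLabels` values are expected to be strings; quote it as `arch: "386"` so the rendered manifest validates. `version: {{ .TagName }}` is an unquoted template expansion and would be safer as `version: "{{ .TagName }}"`. The download URLs assume the release publishes an archive for every listed os/arch pair, including linux/arm and windows/386, under the `{{ .Tag }}`-based names set in `.goreleaser.yml`. The build matrix is not part of this diff, so confirm it, since a missing asset would presumably fail the index update.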
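Review bot: The new exclusion in `main` of `scripts/license_header_check.py` runs after `content = open(fpath).read()`, so an excluded file is still opened and read, through a handle that is never closed explicitly. Move the three added lines above the `open` call, so that `relPath = os.path.relpath(fpath, dir)` and the `if relPath in _EXCLUDE_FILES:` test come first. `dir` is not defined in the visible lines and is also a Python builtin, so confirm it is the loop variable over `base_dirs`; otherwise `os.path.relpath` will raise. The match is on the path relative to that base directory, so `.krew.yaml` is skipped only when the script is pointed at the repository root. `main` starts and continues outside the hunk.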