← Back to blog
·2 min read·CI/CD

GitLab CI to Kubernetes: End-to-End Deploy Pipeline

Design a complete CI/CD pipeline from GitLab merge request to Kubernetes production with security gates and GitOps handoff.

Shipping to Kubernetes from GitLab CI is straightforward once you separate build automation from deployment reconciliation. This is the pipeline pattern I use for microservices teams.

Pipeline Overview

Separation of concerns

CI builds and scans artifacts. GitOps (ArgoCD) deploys them. Never run kubectl apply directly from CI in production.

GitLab CI Stages

stages: - validate - test - security - build - publish - deploy variables: IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA build: stage: build script: - docker build -t $IMAGE . - docker push $IMAGE update-gitops: stage: deploy script: - yq -i '.image.tag = strenv(CI_COMMIT_SHA)' environments/staging/values.yaml - git commit -am "deploy: $CI_COMMIT_SHA to staging" - git push only: - main

Promotion Flow

Key Practices

  1. Immutable tags — deploy by digest or commit SHA, never latest
  2. Environment branches — staging auto, production manual or tagged release
  3. Rollback — revert Git commit; ArgoCD reconciles automatically
  4. Secrets — External Secrets Operator, not CI variables in manifests

Conclusion

A clean GitLab → Registry → GitOps → Kubernetes flow gives you auditability, fast rollbacks, and a single source of truth in Git.

Related Articles