Set Up a CI/CD Pipeline for Kubernetes: Complete Guide

TL;DR: A Kubernetes CI/CD pipeline automates building, testing, and deploying your containerized applications. This guide walks you through step by step, from configuring your environment to production deployment, with verifiable commands and solutions to common problems.

To master these skills, discover the LFS458 Kubernetes Administration training.

What is a CI/CD pipeline for Kubernetes?

A Kubernetes CI/CD pipeline is an automated set of processes that compiles your code, builds container images, runs tests, and deploys your applications to a Kubernetes cluster without manual intervention. For any infrastructure engineer taking Kubernetes training, this skill is a fundamental prerequisite.

According to the State of Kubernetes 2025 report from Spectro Cloud, 80% of organizations run Kubernetes in production with an average of over 20 clusters. Without CI/CD automation, you cannot manage this complexity.

Key takeaway: Kubernetes continuous deployment reduces human errors and accelerates your time-to-market. IT teams spend an average of 34 working days per year solving Kubernetes problems (Cloud Native Now).

Prerequisites before starting

Before configuring your pipeline, verify you have:

Run this command to validate your environment:

kubectl cluster-info && docker info --format '{{.ServerVersion}}' && helm version --short
# Expected result:
# Kubernetes control plane is running at https://your-cluster:6443
# 24.0.7
# v3.14.0+g3fc9f4b

You also need an account on an image registry (Docker Hub, Harbor, or your private registry) and access to a CI/CD platform (GitLab CI, GitHub Actions, Jenkins, or ArgoCD).

Step 1: Prepare your cluster for continuous deployment

Create a dedicated namespace

Isolate your CI/CD deployments in a specific namespace. This avoids conflicts with your other workloads:

kubectl create namespace cicd-demo
kubectl config set-context --current --namespace=cicd-demo
# Expected result:
# namespace/cicd-demo created
# Context "your-context" modified.

Configure secrets for the image registry

Your pipeline must be able to push and pull images. Create a Docker secret:

kubectl create secret docker-registry regcred \
--docker-server=https://index.docker.io/v1/ \
--docker-username=YOUR_USERNAME \
--docker-password=YOUR_TOKEN \
--docker-email=your@email.com \
-n cicd-demo
# Expected result:
# secret/regcred created

Verification: Confirm your secret exists:

kubectl get secrets -n cicd-demo
# NAME      TYPE                             DATA   AGE
# regcred   kubernetes.io/dockerconfigjson   1      10s

Key takeaway: Never store credentials in plaintext in your YAML files. Use Kubernetes secrets or an external manager like Vault.

Step 2: Structure your application for Kubernetes

Create an optimized Dockerfile

A Dockerfile is a text file containing instructions to build a container image. Here's a multi-stage example that reduces your image size:

# Build stage
FROM golang:1.22-alpine AS builder
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -o main .

# Production stage
FROM alpine:3.19
RUN apk --no-cache add ca-certificates
WORKDIR /root/
COPY --from=builder /app/main .
EXPOSE 8080
CMD ["./main"]

Prepare Kubernetes manifests

Create a deployment.yaml file for your application:

apiVersion: apps/v1
kind: Deployment
metadata:
name: demo-app
namespace: cicd-demo
spec:
replicas: 3
selector:
matchLabels:
app: demo-app
template:
metadata:
labels:
app: demo-app
spec:
imagePullSecrets:
- name: regcred
containers:
- name: demo-app
image: your-registry/demo-app:latest
ports:
- containerPort: 8080
resources:
requests:
memory: "64Mi"
cpu: "100m"
limits:
memory: "128Mi"
cpu: "200m"

For deeper deployment strategies, consult our guide on Kubernetes multi-environment management.

Step 3: Configure your CI pipeline with GitHub Actions

Create the build workflow

A CI workflow is a series of automated steps triggered by a Git event (push, pull request). Create .github/workflows/ci.yaml:

name: CI Pipeline
on:
push:
branches: [main, develop]
pull_request:
branches: [main]

env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}

jobs:
build-and-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Run tests
run: go test -v ./...

- name: Build image
run: docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} .

- name: Login to registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Push image
run: docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}

Verification: After a push, check execution in the Actions tab of your GitHub repository.

For a detailed tool comparison, consult our CI/CD tools comparison for Kubernetes 2026.

Step 4: Automate deployment with ArgoCD

Install ArgoCD on your cluster

ArgoCD is a GitOps tool that automatically syncs your cluster state with your Git repository. Install it:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
# Expected result:
# namespace/argocd created
# customresourcedefinition.apiextensions.k8s.io/applications.argoproj.io created
# [...several resources created...]

Wait for all pods to be ready:

kubectl wait --for=condition=Ready pods --all -n argocd --timeout=300s

Configure your first application

Create an ArgoCD Application that points to your repository:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: demo-app
namespace: argocd
spec:
project: default
source:
repoURL: https://github.com/your-org/demo-app.git
targetRevision: main
path: k8s
destination:
server: https://kubernetes.default.svc
namespace: cicd-demo
syncPolicy:
automated:
prune: true
selfHeal: true

Apply this configuration:

kubectl apply -f argocd-app.yaml
# Expected result:
# application.argoproj.io/demo-app created

To understand the differences between GitOps tools, read our analysis ArgoCD vs FluxCD.

Key takeaway: With GitOps, your Git repository becomes the single source of truth. Every change goes through a pull request, ensuring traceability and auditability.

Step 5: Implement tests and validations in your Kubernetes CI/CD pipeline

Add security tests

Integrate Trivy to scan your images before deployment:

- name: Scan image with Trivy
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
format: 'table'
exit-code: '1'
severity: 'CRITICAL,HIGH'

According to Orca Security 2025, 70% of organizations use Kubernetes in the cloud, mostly with Helm. You should scan your Helm charts as well.

Validate your manifests with Kustomize

A Kustomize build is a command that generates and validates your Kubernetes manifests before deployment:

kustomize build k8s/overlays/production | kubectl apply --dry-run=client -f -
# Expected result:
# deployment.apps/demo-app configured (dry run)
# service/demo-app configured (dry run)

This validation lets you detect syntax errors before they reach your cluster.

Step 6: Monitor and troubleshoot your pipeline

Configure notifications

Add Slack alerts to track your deployments:

- name: Notify Slack
if: always()
uses: 8398a7/action-slack@v3
with:
status: ${{ job.status }}
fields: repo,message,commit,author,action,eventName,workflow
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}

Check your deployment status

Use these commands to diagnose your deployments:

# Deployment status
kubectl rollout status deployment/demo-app -n cicd-demo
# Expected result:
# deployment "demo-app" successfully rolled out

# Revision history
kubectl rollout history deployment/demo-app -n cicd-demo

# Recent pod logs
kubectl logs -l app=demo-app -n cicd-demo --tail=50

For deeper monitoring, consult our section on Kubernetes monitoring and troubleshooting.

According to Grafana Labs, 75% of teams use Prometheus and Grafana to monitor their Kubernetes clusters.

Troubleshooting: Resolving common problems

# Quick diagnosis of a pod in error
kubectl describe pod <pod-name> -n cicd-demo | grep -A 10 "Events:"

For engineers preparing for certification, these continuous deployment skills are covered in the LFD459 training for developers.

Best practices for your Kubernetes infrastructure engineer training

Apply these principles in your pipeline:

• Immutability: Each build produces an image with a unique tag (commit SHA)
• Declarative: Your manifests describe the desired state, not the steps to get there
• Versioned: All your infrastructure code is in Git

To go further with GitOps principles, explore our guide GitOps and Kubernetes: principles, tools and implementation.

Next steps to automate your Kubernetes deployment

You now have a functional CI/CD pipeline. To consolidate your skills:

1. Add environments: staging, production with Kustomize overlays
2. Implement automatic rollbacks: ArgoCD can cancel deployments that fail health checks
3. Integrate security: policy-as-code with OPA Gatekeeper

Discover feedback in our Kubernetes training reviews and consult our complete Kubernetes Training guide.

---

Accelerate your skill development

SFEIR Institute offers official Linux Foundation training to master Kubernetes continuous deployment:

• LFS458 Kubernetes Administration: 4 days to prepare for CKA certification
• LFD459 Kubernetes for Developers: 3 days to prepare for CKAD certification
• Kubernetes Fundamentals: 1 day to discover Kubernetes

Upcoming sessions available: consult the training calendar or contact our advisors for a personalized path.