diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..2872890
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,62 @@
+stages:
+  - auth
+  - build
+  - publish
+  - deploy
+
+auth-job:
+  stage: auth
+  image: docker:stable
+  script:
+    - docker login --username "$REGISTRY_USER" --password "$REGISTRY_PASSWORD" "$REGISTRY_BASE_URL"
+    - cp "/root/.docker/config.json" "./build/.dockerconfigjson"
+  artifacts:
+    paths:
+      - build/.dockerconfigjson
+
+build-job:
+  stage: build
+  image: docker:stable
+  tags:
+    - docker
+  script:
+    - docker -H unix:///var/run/docker.sock image build -t "$REGISTRY_BASE_URL/$DOCKER_IMAGE_NAME:$CI_COMMIT_SHORT_SHA" ./
+
+publish-job:
+  stage: publish
+  image: docker:stable
+  needs:
+    - auth-job
+    - build-job
+  dependencies:
+    - auth-job
+  tags:
+    - docker
+  script:
+    - mkdir "/root/.docker/"
+    - cp "./build/.dockerconfigjson" "/root/.docker/config.json"
+    - docker -H unix:///var/run/docker.sock image push "$REGISTRY_BASE_URL/$DOCKER_IMAGE_NAME:$CI_COMMIT_SHORT_SHA"
+
+deploy-job:
+  stage: deploy
+  only:
+    refs:
+      - master
+  when: manual
+  image: google/cloud-sdk
+  needs:
+    - auth-job
+    - publish-job
+  dependencies:
+    - auth-job
+  script:
+    - export KUBECONFIG="$KUBE_AUTH"
+    - cp "$ENV_PRODUCTION" "./build/.env.production"
+    - cp "$MYSQL_ENV" "./build/mysql-secret.env"
+    - cd "./build"
+    - sed -i "s/DOCKER_IMAGE_TAG/${CI_COMMIT_SHORT_SHA}/g" kustomization.yaml
+    - kubectl apply -k ./
+    - echo "Waiting for deployment..."
+    - sleep 30
+    - WEBSITE_POD=$(kubectl get pod -l "$KUBE_POD_LABELS" -n "$KUBE_NAMESPACE" -o jsonpath="{.items[0].metadata.name}")
+    - kubectl delete -n "$KUBE_NAMESPACE" pod "$WEBSITE_POD"
diff --git a/build/k3s.yaml b/build/k3s.yaml
index 727bab5..a05a094 100644
--- a/build/k3s.yaml
+++ b/build/k3s.yaml
@@ -73,7 +73,7 @@ spec:
         tier: website
     spec:
       containers:
-        - image: registry.chaoticlogic.us/daniel-website:latest
+        - image: website-image
           imagePullPolicy: Always
           name: website
           ports:
diff --git a/build/kustomization.yaml b/build/kustomization.yaml
index 1bfbbf6..c11f8d9 100644
--- a/build/kustomization.yaml
+++ b/build/kustomization.yaml
@@ -15,3 +15,7 @@ secretGenerator:
   namespace: portfolio
   envs:
   - mysql-secret.env
+images:
+  - name: website-image
+    newName: registry.chaoticlogic.us/daniel-website
+    newTag: DOCKER_IMAGE_TAG