diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 9de0876..afec0e0 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -11,6 +11,7 @@ on:
 permissions:
 contents: read
 pages: write
+ # This is required for requesting the JWT
 id-token: write
 # Push container images
 packages: write
@@ -117,6 +118,20 @@ jobs:
 if: ${{ github.event_name != 'pull_request' }}
 run: echo "Image pushed to ${{ steps.push-to-ghcr.outputs.digest }}"
+ - name: Get OIDC token
+ id: get-token
+ run: |
+ IDTOKEN=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=glvd" | jq -r '.value')
+ echo "idToken=${IDTOKEN}" >> $GITHUB_OUTPUT
+
+ - uses: azure/k8s-set-context@v4
+ with:
+ method: kubeconfig
+ kubeconfig: "${{ secrets.KUBECONFIG }}"
+
+ - name: Deploy the image
+ run: kubectl --namespace default --token "${{ steps.get-token.outputs.idToken }}" set image deploy/glvd glvd-api=ghcr.io/gardenlinux/glvd-api:latest@${{ steps.push-to-ghcr.outputs.digest }}
+
 dependency-submission:
 runs-on: ubuntu-24.04
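Review bot: The OIDC token is written to `$GITHUB_OUTPUT` unmasked in "Get OIDC token" and then expanded with `${{ … }}` straight into the `kubectl` command line in "Deploy the image", so it can surface in logs and becomes part of the script text; mask it with `::add-mask::` and pass it to kubectl through `env:` instead. The `curl | jq` pipeline has neither `--fail` nor `pipefail`, so a failed token request yields `null` or an empty string and the job carries on to the deploy. None of the three new steps carries the `if: ${{ github.event_name != 'pull_request' }}` guard that the preceding step has, so they presumably also run on pull requests, where the push digest is likely empty; the push step itself is outside the hunk, so this needs confirming. `azure/k8s-set-context@v4` receives `secrets.KUBECONFIG` but is referenced by a mutable tag, so pinning it to a full commit SHA would limit the exposure. If only this job requests the token, `id-token: write` (first hunk) looks like it could move from the workflow-level `permissions:` to the job.

```yaml
      - name: Get OIDC token
        id: get-token
        if: ${{ github.event_name != 'pull_request' }}
        shell: bash
        run: |
          set -euo pipefail
          IDTOKEN=$(curl -sSf -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=glvd" | jq -er '.value')
          # Register the token as a masked value before it is stored as a step output.
          echo "::add-mask::${IDTOKEN}"
          echo "idToken=${IDTOKEN}" >> "$GITHUB_OUTPUT"

      - uses: azure/k8s-set-context@v4
        if: ${{ github.event_name != 'pull_request' }}
        # … unchanged: with: method / kubeconfig …

      - name: Deploy the image
        if: ${{ github.event_name != 'pull_request' }}
        env:
          IDTOKEN: ${{ steps.get-token.outputs.idToken }}
          IMAGE_DIGEST: ${{ steps.push-to-ghcr.outputs.digest }}
        run: kubectl --namespace default --token "$IDTOKEN" set image deploy/glvd "glvd-api=ghcr.io/gardenlinux/glvd-api:latest@${IMAGE_DIGEST}"
```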