diff --git a/.travis.yml b/.travis.yml
index 18732e28..4ecce42c 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,5 +1,6 @@
 sudo: required
 language: minimal
+dist: trusty
 services:
   - docker
 git:
@@ -9,6 +10,7 @@ env:
     - PROD_IMAGE_NAME=atst-prod
     - TESTER_IMAGE1_NAME=atst-tester-nocrls
     - TESTER_IMAGE2_NAME=atst-tester
+    - GIT_SHA="$(git rev-parse --short HEAD)"
 cache:
   directories:
     - crl
@@ -18,9 +20,10 @@ before_install:
   - sed -i 's/git@github.com:/https:\/\/github.com\//' .gitmodules
   # Manually initialize submodules
   - git submodule update --init --recursive
+install:
+  - curl -Lo kubectl https://storage.googleapis.com/kubernetes-release/release/v1.10.4/bin/linux/amd64/kubectl && chmod +x kubectl && sudo mv kubectl /usr/local/bin/
 
 before_script:
-  - rm -rf ./crl/*
   - docker run -d --name postgres96 postgres:9.6-alpine
   - docker run -d --name redis redis:4.0.10-alpine
   - docker run --link postgres96:postgres96 --link redis:redis waisbrot/wait
@@ -43,14 +46,13 @@ script:
 
 before_deploy:
   - docker build --tag "${PROD_IMAGE_NAME}" . -f deploy/docker/prod/Dockerfile
-  - git_sha="$(git rev-parse --short HEAD)"
-  - remote_image_name="${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${git_sha}"
+  - remote_image_name="${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}"
   - docker tag "${PROD_IMAGE_NAME}" "${remote_image_name}"
   - docker images
   - docker push "${remote_image_name}"
 
 deploy:
   provider: script
-  script: echo "** Image push only for now... stay tuned! **"
+  script: deploy/kubernetes/atst-update-deploy.sh
   on:
     branch: master
diff --git a/deploy/kubernetes/atst-travis-deployer.yml b/deploy/kubernetes/atst-travis-deployer.yml
new file mode 100644
index 00000000..4dd063b2
--- /dev/null
+++ b/deploy/kubernetes/atst-travis-deployer.yml
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: atat-deployer
+  namespace: atat
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  namespace: atat
+  name: travis-deploy-role
+rules:
+- apiGroups: ["extensions", "apps"]
+  resources: ["deployments"]
+  verbs: ["get", "watch", "create", "update", "patch"]
+- apiGroups: [""]
+  resources: ["services"]
+  verbs: ["get", "create", "update", "patch"]
+- apiGroups: [""]
+  resources: ["configmaps"]
+  verbs: ["get", "create", "update", "patch"]
+- apiGroups: ["extensions", "apps"]
+  resources: ["ingresses"]
+  verbs: ["get", "create", "update", "patch"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: travis-role-binding
+  namespace: atat
+subjects:
+- kind: ServiceAccount
+  name: atat-deployer
+  namespace: atat
+roleRef:
+  kind: Role
+  name: travis-deploy-role
+  apiGroup: rbac.authorization.k8s.io
diff --git a/deploy/kubernetes/atst-update-deploy.sh b/deploy/kubernetes/atst-update-deploy.sh
new file mode 100755
index 00000000..f83bbe01
--- /dev/null
+++ b/deploy/kubernetes/atst-update-deploy.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+#
+# deploy/kubernetes/atst-update-deploy.sh: Updates the existing ATST deployment
+#                                          with a new source image
+
+set -o pipefail
+set -o errexit
+set -o nounset
+# set -o xtrace
+
+# Decode and save the K8S CA cert
+echo "${K8S_CA_CRT}" | base64 --decode -i > "${HOME}/k8s_ca.crt"
+
+# Setup the local kubectl client
+kubectl config set-context travis \
+    --cluster=atat-cluster \
+    --user=atat-deployer \
+    --namespace=atat
+
+kubectl config set-cluster atat-cluster \
+    --embed-certs=true \
+    --server="${K8S_ENDPOINT}"  \
+    --certificate-authority="${HOME}/k8s_ca.crt"
+
+kubectl config set-credentials atat-deployer --token=`echo ${K8S_USER_TOKEN} | base64 --decode`
+
+kubectl config use-context travis
+kubectl config current-context
+
+# Update the ATST deployment
+kubectl -n atat set image deployment.apps/atst atst="${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}"
+
+# Wait for deployment to finish
+kubectl -n atat rollout status deployment/atst
+
+# Remove the K8S CA file when the script exits
+function cleanup {
+    printf "Cleaning up...\n"
+    rm -vf "${HOME}/k8s_ca.crt"
+    printf "Cleaning done."
+}
+
+trap cleanup EXIT
diff --git a/deploy/kubernetes/atst.yml b/deploy/kubernetes/atst.yml
index c62d7a6a..d06b7a1f 100644
--- a/deploy/kubernetes/atst.yml
+++ b/deploy/kubernetes/atst.yml
@@ -24,10 +24,10 @@ spec:
         fsGroup: 101
       containers:
         - name: atst
-          image: registry.atat.codes:443/atst-prod:a1916b1
+          image: registry.atat.codes:443/atst-prod:23e5c04
           resources:
             requests:
-               memory: "2500Mi"
+               memory: "6000Mi"
           envFrom:
           - configMapRef:
               name: atst-envvars