diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 836324f..dccdb7b 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -11,6 +11,7 @@ stages:
 
 variables:
   KUBENS: senpy
+  LATEST_IMAGE: "${HUB_REPO}:${CI_COMMIT_SHORT_SHA}"
 
 docker:
   stage: publish
@@ -43,7 +44,7 @@ docker-latest:
     - sed "s/{{PYVERSION}}/$PYTHON_VERSION/" Dockerfile.template > Dockerfile
     - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"},\"https://index.docker.io/v1/\":{\"auth\":\"$HUB_AUTH\"}}}" > /kaniko/.docker/config.json
     # The skip-tls-verify flag is there because our registry certificate is self signed
-    - /kaniko/executor --context $CI_PROJECT_DIR --skip-tls-verify --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $HUB_REPO:$CI_COMMIT_SHORT_SHA
+    - /kaniko/executor --context $CI_PROJECT_DIR --skip-tls-verify --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $LATEST_IMAGE --destination "${HUB_REPO}:latest"
   only:
     refs:
       - master
@@ -103,7 +104,8 @@ latest-demo:
   environment: production
   variables:
     KUBECONFIG: "/kubeconfig"
-    IMAGEWTAG: "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA}"
+    # Same image as docker-latest
+    IMAGEWTAG: "${LATEST_IMAGE}"
     KUBEAPP: "senpy"
   script:
   - echo "${KUBECONFIG_RAW}" > $KUBECONFIG