diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
new file mode 100644
index 00000000..1a8d36e9
--- /dev/null
+++ b/.github/workflows/e2e.yaml
@@ -0,0 +1,47 @@
+name: e2e
+
+on:
+  push:
+    branches-ignore:
+      - 'main'
+    tags-ignore:
+      - '*'
+
+jobs:
+  kubernetes:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Setup tools
+        uses: ./.github/actions/tools
+      - name: Setup Flux
+        uses: fluxcd/flux2/action@main
+      - name: Setup Kubernetes
+        uses: engineerd/setup-kind@v0.5.0
+      - name: Install Flux in Kubernetes Kind
+        run: flux install
+      - name: Setup cluster reconciliation
+        run: |
+          flux create source git flux-system \
+          --url=${{ github.event.repository.html_url }} \
+          --branch=${GITHUB_REF#refs/heads/}
+          flux create kustomization flux-system \
+          --source=flux-system \
+          --path=./clusters/staging
+      - name: Verify cluster reconciliation
+        run: |
+          kubectl -n flux-system wait kustomization/kyverno --for=condition=ready --timeout=1m
+          kubectl -n flux-system wait kustomization/kyverno-policies --for=condition=ready --timeout=1m
+          kubectl -n flux-system wait kustomization/tenants --for=condition=ready --timeout=1m
+      - name: Verify tenant reconciliation
+        run: |
+          kubectl -n apps wait kustomization/dev-team --for=condition=ready --timeout=1m
+          kubectl -n apps wait helmrelease/podinfo --for=condition=ready --timeout=1m
+      - name: Debug failure
+        if: failure()
+        run: |
+          kubectl -n flux-system get all
+          kubectl -n flux-system logs deploy/source-controller
+          kubectl -n flux-system logs deploy/kustomize-controller
+          kubectl -n flux-system logs deploy/helm-controller
diff --git a/README.md b/README.md
index 4a79e4b6..9106abab 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,9 @@
 # flux2-multi-tenancy
 
+[![test](https://github.com/fluxcd/flux2-multi-tenancy/workflows/test/badge.svg)](https://github.com/fluxcd/flux2-multi-tenancy/actions)
+[![e2e](https://github.com/fluxcd/flux2-multi-tenancy/workflows/e2e/badge.svg)](https://github.com/fluxcd/flux2-multi-tenancy/actions)
+[![license](https://img.shields.io/github/license/fluxcd/flux2-multi-tenancy.svg)](https://github.com/fluxcd/flux2-multi-tenancy/blob/main/LICENSE)
+
 This repository serves as a starting point for managing multi-tenant clusters with Git and Flux v2.
 
 ![](docs/img/flux2-multi-tenancy.png)
@@ -421,3 +425,13 @@ With the above configuration, the Flux instance running on the staging cluster w
 * create the tenant Git credentials Kubernetes secret in the tenant namespace
 * clone the tenant repository using the supplied credentials
 * apply the `./staging` directory from the tenant's repo using the tenant's service account
+
+## Testing
+
+Any change to the Kubernetes manifests or to the repository structure should be validated in CI before
+a pull request is merged into the main branch and synced on the cluster.
+
+This repository contains the following GitHub CI workflows:
+
+* the [test](./.github/workflows/test.yaml) workflow validates the Kubernetes manifests and Kustomize overlays with kubeval
+* the [e2e](./.github/workflows/e2e.yaml) workflow starts a Kubernetes cluster in CI and tests the staging setup by running Flux in Kubernetes Kind