diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index c950156..c80b64d 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -7,15 +7,18 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - name: Deploy dengan Konfigurasi Mount
+      - name: Deploy via SCP (Jalur Luar Container)
         env:
-          # Memaksa kubectl membaca file yang kita mount di docker-compose
-          KUBECONFIG: /root/.kube/config
+          # SSH_PRIVATE_KEY harus diisi dengan isi file /root/.ssh/id_rsa Anda
+          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
         run: |
-          curl -LO "https://dl.k8s.io/release/v1.28.2/bin/linux/amd64/kubectl"
-          chmod +x ./kubectl
+          # 1. Simpan key ke file
+          echo "$SSH_PRIVATE_KEY" > deploy_key
+          chmod 600 deploy_key
           
-          echo "=> Menjalankan kubectl dengan konfigurasi yang tepat..."
-          ./kubectl get nodes
-          ./kubectl apply -f dashdot-deploy.yaml
-          ./kubectl rollout status deployment/dashdot
\ No newline at end of file
+          # 2. Kirim file deployment ke VPS
+          scp -o StrictHostKeyChecking=no -i deploy_key dashdot-deploy.yaml root@43.134.163.21:/tmp/dashdot-deploy.yaml
+          
+          # 3. Jalankan kubectl di VPS (bukan di dalam container runner)
+          ssh -o StrictHostKeyChecking=no -i deploy_key root@43.134.163.21 "KUBECONFIG=/etc/rancher/k3s/k3s.yaml kubectl apply -f /tmp/dashdot-deploy.yaml"
+          ssh -o StrictHostKeyChecking=no -i deploy_key root@43.134.163.21 "KUBECONFIG=/etc/rancher/k3s/k3s.yaml kubectl rollout status deployment/dashdot"
\ No newline at end of file