feat(gitlab-runner): Deploy upstream pod cleanup controller

Reference: https://gitlab.com/gitlab-org/ci-cd/gitlab-runner-pod-cleanup

feat(gitlab-runner): Deploy upstream pod cleanup controller
188962af · Sheogorath · 37213b51 · 188962af · 188962af
Verified Commit 188962af authored 2 years ago by Sheogorath
--- a/apps/base/gitlab-runner/kustomization.yaml
+++ b/apps/base/gitlab-runner/kustomization.yaml
@@ -5,6 +5,7 @@ resources:
  - namespace.yaml
  - repository.yaml
  - release.yaml
+  - pod-cleanup.yaml
  - ../../../shared/networkpolicies/allow-from-same-namespace.yaml
  - ../../../shared/networkpolicies/allow-from-monitoring.yaml
 patchesStrategicMerge:

--- a/apps/base/gitlab-runner/pod-cleanup.yml
+++ b/apps/base/gitlab-runner/pod-cleanup.yml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: pod-cleanup-role
+rules:
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get", "list", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: pod-cleanup-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: pod-cleanup-role
+subjects:
+- kind: ServiceAccount
+  name: pod-cleanup-sa
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: pod-cleanup-sa
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: gitlab-runner-pod-cleanup
+spec:
+  restartPolicy: Always
+  serviceAccountName: pod-cleanup-sa
+  containers:
+  - name: gitlab-runner-pod-cleanup
+    image: registry.gitlab.com/gitlab-org/ci-cd/gitlab-runner-pod-cleanup:latest
+  resources:
+    requests:
+      cpu: 10m
+      memory: 64Mi
+    limits:
+      cpu: 250m
+      memory: 512Mi
+  securityContext:
+    capabilities:
+      drop: ["all"]
+      add: []
+    runAsNonRoot: true
+    runAsUser: 1000
\ No newline at end of file