diff --git a/apps/base/gitlab-runner/kustomization.yaml b/apps/base/gitlab-runner/kustomization.yaml
index 4d226781a2234ff3352cf1431262e81ce48dd7a9..635f4fe0a23065d6b212b1728cf9475bcd33d90a 100644
--- a/apps/base/gitlab-runner/kustomization.yaml
+++ b/apps/base/gitlab-runner/kustomization.yaml
@@ -5,6 +5,7 @@ resources:
   - namespace.yaml
   - repository.yaml
   - release.yaml
+  - pod-cleanup.yaml
   - ../../../shared/networkpolicies/allow-from-same-namespace.yaml
   - ../../../shared/networkpolicies/allow-from-monitoring.yaml
 patchesStrategicMerge:
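Review bot: The added `resources` entry names `pod-cleanup.yaml`, but the file this commit creates is `apps/base/gitlab-runner/pod-cleanup.yml`. Unless a `.yaml` file exists outside this diff, the kustomize build will fail to resolve the entry. Either rename the new file to match, or change the entry to `- pod-cleanup.yml`. The `resources` list begins above the hunk.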
diff --git a/apps/base/gitlab-runner/pod-cleanup.yml b/apps/base/gitlab-runner/pod-cleanup.yml
new file mode 100644
index 0000000000000000000000000000000000000000..a72667111668eef484ebc7254c9eb7c953540762
--- /dev/null
+++ b/apps/base/gitlab-runner/pod-cleanup.yml
@@ -0,0 +1,52 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: pod-cleanup-role
+rules:
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get", "list", "delete"]
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: pod-cleanup-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: pod-cleanup-role
+subjects:
+- kind: ServiceAccount
+  name: pod-cleanup-sa
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: pod-cleanup-sa
+---
+
+apiVersion: v1
+kind: Pod
+metadata:
+  name: gitlab-runner-pod-cleanup
+spec:
+  restartPolicy: Always
+  serviceAccountName: pod-cleanup-sa
+  containers:
+  - name: gitlab-runner-pod-cleanup
+    image: registry.gitlab.com/gitlab-org/ci-cd/gitlab-runner-pod-cleanup:latest
+  resources:
+    requests:
+      cpu: 10m
+      memory: 64Mi
+    limits:
+      cpu: 250m
+      memory: 512Mi
+  securityContext:
+    capabilities:
+      drop: ["all"]
+      add: []
+    runAsNonRoot: true
+    runAsUser: 1000
\ No newline at end of file
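Review bot: `resources:` and `securityContext:` are indented as siblings of `containers:` under `spec`, so they are read as pod-level fields, not as settings of the `gitlab-runner-pod-cleanup` container. The pod-level security context has no `capabilities` field, so the intended capability drop is either rejected by strict validation or silently not applied. Nest both blocks under the container entry and spell the drop as `ALL`, which is the form the restricted Pod Security Standard expects. The image is also referenced by the mutable `:latest` tag while running under a service account that can delete pods in the namespace; pinning to a release tag or digest would tie that permission to a reviewed image.

```yaml
  containers:
  - name: gitlab-runner-pod-cleanup
    # … unchanged: image …
    resources:
      requests:
        cpu: 10m
        memory: 64Mi
      limits:
        cpu: 250m
        memory: 512Mi
    securityContext:
      capabilities:
        drop: ["ALL"]
        add: []
      runAsNonRoot: true
      runAsUser: 1000
```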