From 188962aff731c7238f6770ed7bb63170e52d91e5 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Thu, 9 Feb 2023 23:51:15 +0100
Subject: [PATCH] feat(gitlab-runner): Deploy upstream pod cleanup controller

Reference:
https://gitlab.com/gitlab-org/ci-cd/gitlab-runner-pod-cleanup
---
 apps/base/gitlab-runner/kustomization.yaml |  1 +
 apps/base/gitlab-runner/pod-cleanup.yml    | 52 ++++++++++++++++++++++
 2 files changed, 53 insertions(+)
 create mode 100644 apps/base/gitlab-runner/pod-cleanup.yml

diff --git a/apps/base/gitlab-runner/kustomization.yaml b/apps/base/gitlab-runner/kustomization.yaml
index 4d226781a..635f4fe0a 100644
--- a/apps/base/gitlab-runner/kustomization.yaml
+++ b/apps/base/gitlab-runner/kustomization.yaml
@@ -5,6 +5,7 @@ resources:
   - namespace.yaml
   - repository.yaml
   - release.yaml
+  - pod-cleanup.yaml
   - ../../../shared/networkpolicies/allow-from-same-namespace.yaml
   - ../../../shared/networkpolicies/allow-from-monitoring.yaml
 patchesStrategicMerge:
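Review bot: The added entry `- pod-cleanup.yaml` does not match the file this patch creates, `apps/base/gitlab-runner/pod-cleanup.yml`. Unless a file with the `.yaml` name exists outside this patch, the kustomize build will presumably fail to resolve the resource and the Role, RoleBinding, ServiceAccount and Pod will not be deployed. Either rename the new file to `pod-cleanup.yaml`, matching the neighbouring entries, or change the line to `  - pod-cleanup.yml`.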
diff --git a/apps/base/gitlab-runner/pod-cleanup.yml b/apps/base/gitlab-runner/pod-cleanup.yml
new file mode 100644
index 000000000..a72667111
--- /dev/null
+++ b/apps/base/gitlab-runner/pod-cleanup.yml
@@ -0,0 +1,52 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: pod-cleanup-role
+rules:
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get", "list", "delete"]
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: pod-cleanup-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: pod-cleanup-role
+subjects:
+- kind: ServiceAccount
+  name: pod-cleanup-sa
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: pod-cleanup-sa
+---
+
+apiVersion: v1
+kind: Pod
+metadata:
+  name: gitlab-runner-pod-cleanup
+spec:
+  restartPolicy: Always
+  serviceAccountName: pod-cleanup-sa
+  containers:
+  - name: gitlab-runner-pod-cleanup
+    image: registry.gitlab.com/gitlab-org/ci-cd/gitlab-runner-pod-cleanup:latest
+  resources:
+    requests:
+      cpu: 10m
+      memory: 64Mi
+    limits:
+      cpu: 250m
+      memory: 512Mi
+  securityContext:
+    capabilities:
+      drop: ["all"]
+      add: []
+    runAsNonRoot: true
+    runAsUser: 1000
\ No newline at end of file
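Review bot: `resources:` and `securityContext:` are indented as siblings of `containers:` in the Pod spec, not under the `gitlab-runner-pod-cleanup` container entry, so the capability drop and the CPU/memory limits do not attach to the container. `capabilities` is a container-level field only, and depending on cluster version and API-server validation the misplaced keys are either rejected or dropped. Both blocks should move one level in, under the container, as in the excerpt below, with the drop written as `ALL`, which is the spelling the restricted Pod Security profile expects as far as I know. Separately, the image is pulled by the mutable `:latest` tag while the pod runs under a service account that may delete pods in the namespace; pinning a release tag or digest would make it reviewable what runs with that permission.

```yaml
  containers:
  - name: gitlab-runner-pod-cleanup
    # … unchanged: image …
    resources:
      requests:
        cpu: 10m
        memory: 64Mi
      limits:
        cpu: 250m
        memory: 512Mi
    securityContext:
      capabilities:
        drop: ["ALL"]
        add: []
      runAsNonRoot: true
      runAsUser: 1000
```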
-- 
GitLab