Allow privileged on gitlab runners

Pythoner6 · Pythoner6 · commit f3ac6a4a493e · 2024-02-03T18:20:53.000-05:00
diff --git a/k8s/gitlab/gitlab.cue b/k8s/gitlab/gitlab.cue
@@ -29,7 +29,14 @@ let nodeAffinity = {
 kustomizations: $default: #dependsOn: [dcsi.kustomizations.helm, cnpg.kustomizations.helm, rook.kustomizations.cluster]
 kustomizations: $default: manifest: {
   ns: #AppNamespace
-  runnerNs: c8s.#Namespace & {#name: "gitlab-runners"}
+  runnerNs: c8s.#Namespace & {
+    #name: "gitlab-runners"
+    metadata: labels: {
+      "pod-security.kubernetes.io/enforce": "privileged"
+      "pod-security.kubernetes.io/audit": "privileged"
+      "pod-security.kubernetes.io/warn": "privileged"
+    }
+  }
   "gitlab-db": clusters.#Cluster & {
     spec: {
       instances: 3
@@ -245,6 +252,7 @@ kustomizations: helm: manifest: {
               [runners.kubernetes]
                 namespace = "\(kustomizations.$default.manifest.runnerNs.metadata.name)"
                 image = "alpine"
+                privileged = true
               [runners.kubernetes.node_selector]
                 "kubernetes.io/arch" = "amd64"
                 "kubernetes.io/os" = "linux"
