From f3ac6a4a493e90f0ec9ce1102432f874c7fa89a5 Mon Sep 17 00:00:00 2001
From: pythoner6 <pythoner6@gmail.com>
Date: Sat, 3 Feb 2024 18:20:53 -0500
Subject: [PATCH] Allow privileged on gitlab runners

---
 k8s/gitlab/gitlab.cue | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/k8s/gitlab/gitlab.cue b/k8s/gitlab/gitlab.cue
index 1857e60..da09b99 100644
--- a/k8s/gitlab/gitlab.cue
+++ b/k8s/gitlab/gitlab.cue
@@ -29,7 +29,14 @@ let nodeAffinity = {
 kustomizations: $default: #dependsOn: [dcsi.kustomizations.helm, cnpg.kustomizations.helm, rook.kustomizations.cluster]
 kustomizations: $default: manifest: {
   ns: #AppNamespace
-  runnerNs: c8s.#Namespace & {#name: "gitlab-runners"}
+  runnerNs: c8s.#Namespace & {
+    #name: "gitlab-runners"
+    metadata: labels: {
+      "pod-security.kubernetes.io/enforce": "privileged"
+      "pod-security.kubernetes.io/audit": "privileged"
+      "pod-security.kubernetes.io/warn": "privileged"
+    }
+  }
   "gitlab-db": clusters.#Cluster & {
     spec: {
       instances: 3
@@ -245,6 +252,7 @@ kustomizations: helm: manifest: {
               [runners.kubernetes]
                 namespace = "\(kustomizations.$default.manifest.runnerNs.metadata.name)"
                 image = "alpine"
+                privileged = true
               [runners.kubernetes.node_selector]
                 "kubernetes.io/arch" = "amd64"
                 "kubernetes.io/os" = "linux"