diff --git a/dmz/gitlab-runner/Chart.yaml b/dmz/gitlab-runner/Chart.yaml
new file mode 100644
index 0000000..f64e829
--- /dev/null
+++ b/dmz/gitlab-runner/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: gitlab-runner
+description: A Helm chart for Kubernetes
+type: application
+version: 0.0.1
+appVersion: 0.0.1
+
+dependencies:
+- name: gitlab-runner
+ repository: https://charts.gitlab.io/
+ version: 0.69.0
diff --git a/dmz/gitlab-runner/templates/secrets.yaml b/dmz/gitlab-runner/templates/secrets.yaml
new file mode 100644
index 0000000..8360d34
--- /dev/null
+++ b/dmz/gitlab-runner/templates/secrets.yaml
@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: gitlab-secret
+spec:
+ secretStoreRef:
+ name: vault
+ kind: ClusterSecretStore
+ target:
+ name: gitlab-secret
+ data:
+ - secretKey: runner-registration-token
+ remoteRef:
+ key: secrets/gitlab/runner
+ property: runner-registration-token
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: vault
diff --git a/dmz/gitlab-runner/values.yaml b/dmz/gitlab-runner/values.yaml
new file mode 100644
index 0000000..9535eb7
--- /dev/null
+++ b/dmz/gitlab-runner/values.yaml
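Review bot: `appVersion: 0.0.1` is left unquoted and `description: A Helm chart for Kubernetes` is the `helm create` scaffold text; Helm's chart documentation recommends quoting `appVersion` because it is free-form, so `appVersion: "0.0.1"`, and the description should say this is a wrapper chart around the upstream gitlab-runner chart. The dependency pins `version: 0.69.0` from `https://charts.gitlab.io/`, but no Chart.lock is added in this commit, so `helm dependency build` on a fresh checkout has nothing to verify the resolved dependency against; if the lock is generated by the deployment pipeline this can be ignored.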
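Review bot: The ExternalSecret materializes only `runner-registration-token` into `gitlab-secret`; the gitlab-runner chart documents that the secret named by `runners.secret` should also carry a `runner-token` key (an authentication token, or empty while registration tokens are still in use), and registration tokens are deprecated upstream in favour of per-runner authentication tokens. Consider a second entry `- secretKey: runner-token` with a `remoteRef.property: runner-token` from the same Vault path, and migrating the stored value to an authentication token so the deprecated registration flow is not baked into a new chart. The `ServiceAccount` named `vault` in the second document has no visible consumer in this file — presumably it is the identity the `vault` ClusterSecretStore uses for Kubernetes auth in this namespace — so a comment above it such as `# ServiceAccount the vault ClusterSecretStore authenticates with in this namespace` would make the dependency explicit.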
@@ -0,0 +1,71 @@
+gitlab-runner:
+
+ image:
+ registry: registry.internal.durp.info
+ image: gitlab-org/gitlab-runner
+
+ imagePullPolicy: Always
+ gitlabUrl: https://gitlab.com/
+ unregisterRunner: false
+ terminationGracePeriodSeconds: 3600
+ concurrent: 10
+ checkInterval: 30
+
+ rbac:
+ create: true
+ rules: []
+ clusterWideAccess: false
+ podSecurityPolicy:
+ enabled: false
+ resourceNames:
+ - gitlab-runner
+
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ service:
+ enabled: true
+ annotations: {}
+
+ runners:
+ config: |
+ [[runners]]
+ [runners.kubernetes]
+ namespace = "{{.Release.Namespace}}"
+ image = "ubuntu:22.04"
+ privileged = true
+
+ executor: kubernetes
+ name: "k3s"
+ runUntagged: true
+ privileged: true
+ secret: gitlab-secret
+ #builds:
+ #cpuLimit: 200m
+ #cpuLimitOverwriteMaxAllowed: 400m
+ #memoryLimit: 256Mi
+ #memoryLimitOverwriteMaxAllowed: 512Mi
+ #cpuRequests: 100m
+ #cpuRequestsOverwriteMaxAllowed: 200m
+ #memoryRequests: 128Mi
+ #memoryRequestsOverwriteMaxAllowed: 256Mi
+
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: false
+ runAsNonRoot: true
+ privileged: false
+ capabilities:
+ drop: ["ALL"]
+
+ podSecurityContext:
+ runAsUser: 100
+ fsGroup: 65533
+
+ resources:
+ limits:
+ memory: 2Gi
+ requests:
+ memory: 128Mi
+ cpu: 500m
diff --git a/master/argocd/templates/gitlab-runner.yaml b/master/argocd/templates/gitlab-runner.yaml
index 13f4ebd..8a1afec 100644
--- a/master/argocd/templates/gitlab-runner.yaml
+++ b/master/argocd/templates/gitlab-runner.yaml
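Review bot: `privileged = true` in `runners.config` (duplicated as `privileged: true` under `runners:`) makes every CI job pod privileged, and combined with `runUntagged: true` and `gitlabUrl: https://gitlab.com/` any job that the registered token admits onto this runner gets root-equivalent access to the DMZ node; the hardened `securityContext` with `capabilities.drop: ["ALL"]` and `runAsNonRoot: true` applies only to the runner manager pod, not to job pods. Unless docker-in-docker is genuinely required, set `privileged = false` in the TOML, drop the redundant `runners.privileged` key, and record in a comment which jobs would need privilege if it is ever re-enabled. The job-level limits are entirely commented out (`#builds:` through `#memoryRequestsOverwriteMaxAllowed`), so job pods run with no CPU or memory bounds; the config-level equivalents are `cpu_limit = "1"` and `memory_limit = "1Gi"` under `[runners.kubernetes]` (example values, to be tuned for the cluster).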
@@ -1,21 +1,21 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: gitlab-runner
- namespace: argocd
-spec:
- project: default
- source:
- repoURL: https://gitlab.com/developerdurp/homelab.git
- targetRevision: main
- path: master/gitlab-runner
- destination:
- namespace: gitlab-runner
- name: in-cluster
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
-
+#apiVersion: argoproj.io/v1alpha1
+#kind: Application
+#metadata:
+# name: gitlab-runner
+# namespace: argocd
+#spec:
+# project: default
+# source:
+# repoURL: https://gitlab.com/developerdurp/homelab.git
+# targetRevision: main
+# path: master/gitlab-runner
+# destination:
+# namespace: gitlab-runner
+# name: in-cluster
+# syncPolicy:
+# automated:
+# prune: true
+# selfHeal: true
+# syncOptions:
+# - CreateNamespace=true
+#
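Review bot: Commenting out the whole Application instead of deleting the file leaves 21 lines of dead YAML in a templates directory that still renders (as an empty document); deleting the file is cleaner, since git history already preserves the old definition. The removed Application pointed at `path: master/gitlab-runner`, while the new chart in this commit lives under `dmz/gitlab-runner` and no Application targeting that path is added here — presumably a separate app-of-apps for the dmz cluster is expected to pick it up, but that is not visible in the diff. Removing an Argo CD Application does not cascade-delete the resources it managed unless it carried the `resources-finalizer.argocd.argoproj.io` finalizer, which this one did not, so the existing contents of the `gitlab-runner` namespace are likely to be orphaned rather than pruned.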