sec: add PDB and NetPol for gitea actions runners

gitea/actions/runner.yaml

@@ -60,3 +60,39 @@ spec:
         volumeMounts:
         - name: runner-data
           mountPath: /data
+---
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: action-runner-pdb
+  namespace: homelab
+spec:
+  minAvailable: 6
+  selector:
+    matchLabels:
+      app: action-runner
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: action-runner-netpol
+  namespace: homelab
+spec:
+  podSelector:
+    matchLabels:
+      app: action-runner
+  policyTypes:
+  - Egress
+  egress:
+  - to: []
+    ports:
+    - protocol: TCP
+      port: 443
+  - to:
+    - namespaceSelector:
+        matchLabels:
+          name: homelab
+    ports:
+    - protocol: TCP
+    - protocol: UDP
+      port: 53