diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 44534b1..f00fdeb 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -25,7 +25,7 @@ test_show_highstate:
 
 deploy_job:
   stage: deploy
-  script: salt-call event.fire_master update salt/fileserver/gitfs/update
+  script: sudo salt-call event.fire_master update salt/fileserver/gitfs/update
   only:
     - production
   tags:
diff --git a/pillar/role/worker_gitlab.sls b/pillar/role/worker_gitlab.sls
new file mode 100644
index 0000000..bcb334b
--- /dev/null
+++ b/pillar/role/worker_gitlab.sls
@@ -0,0 +1,6 @@
+sudoers:
+  included_files:
+    /etc/sudoers.d/gitlab-runner_nopasswd_saltmaster_deploy:
+      users:
+        gitlab-runner:
+          - 'ALL=(ALL) NOPASSWD: /usr/bin/salt-call event.fire_master update salt/fileserver/gitfs/update'