GitLab Runner

Docker-in-Docker

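To keep CI job containers from running as privileged containers, use the rootless Docker-in-Docker (dind-rootless) setup: job containers stay unprivileged, and only service containers whose image matches an allowlist may run privileged.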

GitLab Runner config

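  [runners.docker]
    # Job containers never run privileged.
    privileged = false
    # Service containers may run privileged, but only the images listed below.
    services_privileged = true
    allowed_privileged_services = ["docker.io/library/docker:*-dind-rootless", "docker.io/library/docker:dind-rootless", "docker:*-dind-rootless", "docker:dind-rootless"]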

GitLab CI config

error_pages:
  services:
    - docker:dind-rootless
  variables:
    DOCKER_HOST: tcp://docker:2376
    DOCKER_TLS_VERIFY: "true"
    DOCKER_CERT_PATH: "/certs/client"
    DOCKER_DRIVER: overlay2
  stage: deploy
  script:
    - docker run --rm quay.io/podman/hello:latest
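
The following check is an added example, not part of the original page or of GitLab Runner: it audits the runner settings above and tests which service image names the allowlist would let run privileged. Assumptions: the `[[runners]]` wrapper around the page's table, the function names, the constructed sample image names, and the matching rule (literal comparison against the name as written in `.gitlab-ci.yml`, with `*` not crossing `/`), which approximates the runner's wildcard matching.

```python
import re
try:
    import tomllib                 # Python 3.11+
except ModuleNotFoundError:
    import tomli as tomllib        # same API on older interpreters

# Runner settings from this page; the [[runners]] wrapper is an assumption.
CONFIG = '''
[[runners]]
  [runners.docker]
    privileged = false
    services_privileged = true
    allowed_privileged_services = ["docker.io/library/docker:*-dind-rootless", "docker.io/library/docker:dind-rootless", "docker:*-dind-rootless", "docker:dind-rootless"]
'''

def glob_to_regex(pattern):
    # Assumption: '*' matches any run of characters except '/'.
    return re.compile("".join("[^/]*" if c == "*" else re.escape(c) for c in pattern))

def audit(config_text):
    """Return findings per [runners.docker] table; an empty list means OK."""
    findings = []
    for i, runner in enumerate(tomllib.loads(config_text).get("runners", [])):
        docker = runner.get("docker", {})
        allow = docker.get("allowed_privileged_services", [])
        if docker.get("privileged", False):
            findings.append(f"runner {i}: job containers are privileged")
        if docker.get("services_privileged", False) and not allow:
            findings.append(f"runner {i}: no allowlist restricts privileged services")
        for p in allow:
            if not p.endswith("dind-rootless"):
                findings.append(f"runner {i}: non-rootless pattern {p!r}")
    return findings

def may_run_privileged(config_text, image):
    """True if `image`, as written in .gitlab-ci.yml, matches the allowlist."""
    for runner in tomllib.loads(config_text).get("runners", []):
        for p in runner.get("docker", {}).get("allowed_privileged_services", []):
            if glob_to_regex(p).fullmatch(image):
                return True
    return False

if __name__ == "__main__":
    print(audit(CONFIG))
    for img in ("docker:dind-rootless", "docker:27-dind-rootless", "docker:dind",
                "registry.example.com/docker:dind-rootless"):  # constructed names
        print(img, may_run_privileged(CONFIG, img))
```

Under these assumptions a mirrored or differently prefixed image name does not match, so a job that pulls dind-rootless through another registry needs its own allowlist entry.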