DevOps & CI/CD

GitLab Runner in Containers: Podman Quadlets and Systemd

Introduction

GitLab CI is a powerful continuous integration system, but managing runners on servers can be complex. Podman Quadlets and systemd provide an elegant solution: the runner operates as a systemd unit, auto-restarts, and is managed with standard tools.

Podman Quadlets

Quadlets are a relatively new Podman feature that lets you describe containers in systemd unit format. A .container file is placed in ~/.config/containers/systemd/ and automatically transformed into a systemd service:

# ~/.config/containers/systemd/gitlab-runner.container
[Container]
Image=docker.io/gitlab/gitlab-runner:latest
Volume=/srv/gitlab-runner/config:/etc/gitlab-runner:Z
Volume=/run/user/1000/podman/podman.sock:/var/run/docker.sock:Z

[Service]
Restart=always
TimeoutStartSec=300

[Install]
WantedBy=default.target

Systemd Integration

After creating the quadlet file, systemd automatically generates a service. Management uses standard commands: daemon-reload, start, enable, status — the same workflow as any systemd service.
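The procedure above, as an added example that is not part of the original post: a small script that writes the quadlet shown earlier, checks that the keys the runner depends on are present, and then runs the standard daemon-reload / enable / status workflow. The quadlet directory, the socket UID and the path of Podman's systemd generator (used here only for its dry run, and only if it exists) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): generate the gitlab-runner
# quadlet, sanity-check it, and install it with the standard systemd commands.
# Assumptions: config dir and socket path as in the post; QUADLET_DIR defaults
# to the user quadlet directory; the generator path below is distro-dependent.
set -eu

# write_quadlet DIR UID : write gitlab-runner.container into DIR for user UID
write_quadlet() {
    dir="$1"; uid="$2"
    mkdir -p "$dir"
    cat > "$dir/gitlab-runner.container" <<EOF
[Container]
Image=docker.io/gitlab/gitlab-runner:latest
Volume=/srv/gitlab-runner/config:/etc/gitlab-runner:Z
Volume=/run/user/$uid/podman/podman.sock:/var/run/docker.sock:Z

[Service]
Restart=always
TimeoutStartSec=300

[Install]
WantedBy=default.target
EOF
    printf '%s\n' "$dir/gitlab-runner.container"
}

# check_quadlet FILE : 0 when every key the runner needs is present,
# 1 otherwise (the first missing key is reported on stderr)
check_quadlet() {
    file="$1"
    for key in 'Image=' 'Volume=.*:/etc/gitlab-runner' 'Volume=.*podman\.sock' \
               'Restart=always' 'WantedBy=default\.target'; do
        grep -Eq "^$key" "$file" || { echo "missing: $key" >&2; return 1; }
    done
    return 0
}

# install_quadlet : the systemd workflow from the post; the unit name is
# derived from the file name, so gitlab-runner.container -> gitlab-runner.service
install_quadlet() {
    gen=/usr/lib/systemd/system-generators/podman-system-generator  # assumption
    if [ -x "$gen" ]; then
        # quadlet's dry run reports syntax errors before daemon-reload does
        "$gen" --user --dryrun >/dev/null
    fi
    systemctl --user daemon-reload
    systemctl --user enable --now gitlab-runner.service
    systemctl --user status --no-pager gitlab-runner.service
}

if [ "${1:-}" = "--apply" ]; then
    f=$(write_quadlet "${QUADLET_DIR:-$HOME/.config/containers/systemd}" "$(id -u)")
    check_quadlet "$f"
    install_quadlet
fi
```

Run it with `--apply` on the runner host; without the flag it only defines the functions, so the file generation and the check can be exercised on any machine.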

Runner Configuration

GitLab Runner configuration lives in config.toml and is mounted into the container. The key is configuring the executor: for Podman, use the docker executor, but point its host at the Podman socket instead of the Docker one.

Pipeline Examples

A typical CI pipeline for a Python project includes stages: lint (ruff), test (pytest), build (podman build), and deploy (push to registry). Each stage runs in an isolated container.
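The pipeline described above, as an added example that is not part of the original post: a .gitlab-ci.yml with the four stages. The job images, the use of a podman-capable image for the build and deploy stages, and the tag scheme are assumptions; the CI_REGISTRY_* variables are GitLab's predefined ones.

```yaml
# Added example (not from the original post). Image names and the tag scheme
# are assumptions; each job runs in its own container on the runner.
stages: [lint, test, build, deploy]

default:
  image: docker.io/library/python:3.12

lint:
  stage: lint
  script:
    - pip install ruff
    - ruff check .

test:
  stage: test
  script:
    - pip install -e . pytest
    - pytest -q

build:
  stage: build
  image: quay.io/podman/stable   # assumption: a job image that ships podman
  script:
    - podman build -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA" .
    - podman save "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA" -o image.tar
  artifacts:
    paths: [image.tar]
    expire_in: 1 hour

deploy:
  stage: deploy
  image: quay.io/podman/stable
  script:
    - podman load -i image.tar
    # password on stdin keeps the credential out of the job log and argv
    - printf '%s' "$CI_REGISTRY_PASSWORD" | podman login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - podman push "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA"
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
```

The build and deploy stages are the ones to test first: running podman inside a CI job container needs a job image that carries podman, and the post does not show how that nested setup is configured on the runner.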

Security Considerations

Rootless Podman provides an additional security layer. The runner runs as an unprivileged user, and CI containers are isolated by user namespaces. Registry credentials use Podman secrets instead of environment variables.
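Both the executor settings from the Runner Configuration section and the credential rule above can be checked mechanically. The following script is an added example, not code from the original post: it audits a config.toml for the docker executor, a rootless Podman socket, a non-privileged executor, and registry credentials pasted into the runner's environment, and it carries a constructed good and weak sample. The key names are the standard gitlab-runner ones; the sample values are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): audit a runner config.toml for
# the setup the post describes (docker executor over the rootless Podman socket,
# no privileged containers, no registry credentials in the environment).
# Assumptions: standard gitlab-runner config keys; sample configs are constructed.
set -eu

# audit_runner_config FILE : 0 when the config matches the post's setup,
# 1 otherwise; every finding is printed on stderr
audit_runner_config() {
    file="$1"; bad=0
    grep -Eq '^[[:space:]]*executor[[:space:]]*=[[:space:]]*"docker"' "$file" \
        || { echo "executor is not docker" >&2; bad=1; }
    grep -Eq '^[[:space:]]*host[[:space:]]*=[[:space:]]*"unix://.*/podman/podman\.sock"' "$file" \
        || { echo "host is not a rootless podman socket" >&2; bad=1; }
    if grep -Eq '^[[:space:]]*privileged[[:space:]]*=[[:space:]]*true' "$file"; then
        echo "privileged = true defeats user-namespace isolation" >&2; bad=1
    fi
    # credentials belong in podman secrets, not in the runner's environment
    if grep -Eq '(CI_REGISTRY_PASSWORD|DOCKER_AUTH_CONFIG|REGISTRY_PASSWORD)[[:space:]]*=' "$file"; then
        echo "registry credential embedded in config" >&2; bad=1
    fi
    return $bad
}

# Constructed sample: the shape of config.toml the post describes.
good_config() {
    cat <<'EOF'
concurrent = 2

[[runners]]
  name = "podman-runner"
  url = "https://gitlab.example.com"   # placeholder
  token = "REDACTED_RUNNER_TOKEN"       # placeholder
  executor = "docker"
  [runners.docker]
    host = "unix:///run/user/1000/podman/podman.sock"
    image = "docker.io/library/python:3.12"
    privileged = false
    volumes = ["/cache"]
EOF
}

# Constructed weak variant: Docker socket, privileged jobs, password in env.
weak_config() {
    cat <<'EOF'
[[runners]]
  name = "weak-runner"
  executor = "docker"
  environment = ["CI_REGISTRY_PASSWORD=placeholder"]
  [runners.docker]
    host = "unix:///var/run/docker.sock"
    privileged = true
EOF
}

# usage: audit.sh /srv/gitlab-runner/config/config.toml
if [ -n "${1:-}" ]; then
    audit_runner_config "$1"
fi
```

For the credential side, the quadlet format has a `Secret=` key in `[Container]` that exposes a Podman secret to the runner container; the post does not show that part of its setup, so the audit only flags credentials that ended up in config.toml.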

Monitoring and Logs

Runner logs are accessible via journalctl --user. Service status monitoring uses systemctl --user is-active, which integrates with existing monitoring systems through simple check scripts.
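One such check script, as an added example that is not part of the original post: it wraps `systemctl --user is-active`, maps the result to the exit codes most monitoring systems expect, and attaches the last journal lines when the unit is not healthy. The unit name follows the quadlet shown earlier; the exit-code scheme and the number of log lines are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): a check script around
# "systemctl --user is-active" that returns monitoring-style exit codes
# (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN). Assumptions: the unit is
# gitlab-runner.service as in the post's quadlet; UNIT and JOURNAL_LINES
# can be overridden from the environment.
set -u

UNIT="${UNIT:-gitlab-runner.service}"

# classify_state STATE : map an is-active result to a monitoring exit code
classify_state() {
    case "$1" in
        active)                 echo "OK - $UNIT is active"; return 0 ;;
        activating|reloading|deactivating)
                                echo "WARNING - $UNIT is $1"; return 1 ;;
        inactive|failed)        echo "CRITICAL - $UNIT is $1"; return 2 ;;
        *)                      echo "UNKNOWN - $UNIT state '$1'"; return 3 ;;
    esac
}

# check_runner : query systemd and, when not healthy, attach recent log lines
check_runner() {
    # is-active exits non-zero for anything but "active"; only its text is needed
    state=$(systemctl --user is-active "$UNIT" 2>/dev/null || true)
    [ -n "$state" ] || state="unknown"
    rc=0
    classify_state "$state" || rc=$?
    if [ "$rc" -ne 0 ]; then
        journalctl --user -u "$UNIT" -n "${JOURNAL_LINES:-5}" --no-pager 2>/dev/null || true
    fi
    return "$rc"
}

# Run the real check only with --check, so the functions can be loaded and
# exercised on hosts without a user systemd instance.
if [ "${1:-}" = "--check" ]; then
    check_runner
    exit $?
fi
```

Point the monitoring agent at `check-runner.sh --check` under the runner's user; the WARNING class covers the transient states a restart passes through, so a single `activating` sample does not page anyone.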

Conclusion

Podman Quadlets turn containers into full systemd services with auto-start, restart, and standard management. For GitLab Runner, this means reliable, secure, and easily maintainable CI infrastructure.