gitlab-ci runner's Docker Executor | How can I see docker container where the build is going on?

Question

I am newbie to gitlab-ci. I have set up gitlab runner on my private server with docker executor. When I merge new commit to my repo, the build is triggered. I can confirm that from web UI of Gitlab.
As I understood, the jobs are run on runner server itself so I guess docker container is created on my private runner server. But I can not see that container, when I do docker ps -a or I can not see even docker image which is used to create container.
Is there a way to check container/image running job? Or is there any mistake in my understanding?

And I can see job's logs on web console but can I see those logs on CLI?

Please correct me if I am wrong at any point.

Answer 1

when I do docker ps -a or I can not see even docker image which is used to create container.

That seems expected if you have activated the docker:dind service (docker in docker).

You would see your containers only with Docker socket binding , where any containers spawned by docker commands will be siblings of the Runner rather than children of the runner.

By sharing the docker daemon, you are effectively disabling all the security mechanisms of containers and exposing your host to privilege escalation which can lead to container breakout.
For example, if a project ran docker rm -f $(docker ps -a -q) it would remove the GitLab Runner containers.