Using JSON keys to authenticate with Google Cloud is highly frowned upon. Unless you have no other option, Google Cloud provides a more secure means of authenticating externally executed code. My use case is for authentication in GitLab pipelines so that I can automate tasks. Think Terraform jobs or updating the files for a website stored in a Google Cloud storage bucket. I will use Google Cloud’s Workload Identity Federation solution and the OIDC (Open ID Connect) protocol in this solution.
I want to get my hands dirty with CI/CD. After looking around at cloud-hosted options such as Google Cloud Build and Azure DevOps/Pipelines, I decided to keep this process local by leveraging self-managed GitLab CI/CD pipelines.
To run a GitLab pipeline, you need only a special configuration file, .gitlab-ci.yml, at the root of your GitLab project/repository and at least one or more compute resources to execute jobs. In this article, I will discuss how I set up a GitLab runner using Podman.
Podman is an open-source tool for managing and running containers and pods. It is similar to Docker but better. 😎
Here are a few differences between using Podman and using Docker. It is daemon-less, does not need root privileges, and can use systemd to run containers/pods.
Unfortunately, under Ubuntu, the shipping version of Podman is old compared to the latest releases.
Here is what I did to install Podman from source on Ubuntu 24.04 LTS…
