I recently wrote a blog post of GitLab CI + Docker (using DinD or socket mounts). There are plenty of diagrams there that can help you understand the different configurations:
Note that whether you use the Docker socket or the DinD approach, both are by default not secure (the job can easily gain control of the host machine where the GitLab runner is executing). The blog post offers a solution to this.
Hope that helps!