From df1b135d1bc5868f6f7e73bded78b50bdd513084 Mon Sep 17 00:00:00 2001
From: David Lopez <david.lopez@optivamedia.com>
Date: Thu, 6 Feb 2025 15:13:20 +0100
Subject: [PATCH] Docs troubleshooting "Runner pods terminate immediately after
 starting"

---
 TROUBLESHOOTING.md | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/TROUBLESHOOTING.md b/TROUBLESHOOTING.md
index 38070051..8a412d53 100644
--- a/TROUBLESHOOTING.md
+++ b/TROUBLESHOOTING.md
@@ -327,4 +327,20 @@ spec:
     spec:
       dockerVarRunVolumeSizeLimit: 50M
       env: []
-```
\ No newline at end of file
+```
+
+### Runner pods terminate immediately after starting
+
+**Problem**
+
+If your runner-controller-listener pods are functioning correctly but the runner pods terminate immediately after starting, you may need to debug the issue using the default Docker image. Use the ghcr.io/actions/actions-runner:latest image and check the runner logs before the pods terminate.
+
+You can use the following command as a boilerplate to retrieve the logs:`kubectl logs $(kubectl get pods --namespace=<your-namespace> | grep '<pod-name-prefix>' | awk '{print $1}') --namespace=<your-namespace>`
+
+If you see anything like this `POST request to https://pipelinesghubeus23.actions.githubusercontent.com/#TOKEN#/_apis/oauth2/token failed. HTTP Status: BadRequest` this may apply.
+
+**Solution**
+
+Ensure that the system time on all individual Kubernetes nodes is synchronized. The GitHub API that creates the JIT tokens checks the HTTP headers' time, and even a 10-minute clock skew can cause the API to fail.
+
+You can synchronize the time on your nodes using `timedatectl set-ntp yes`. This command will enable NTP (Network Time Protocol) on your node, ensuring that the system time is accurate.