Merge branch...

Merge branch '59498-add-troubleshooting-section-to-capture-errors-with-installing-applications-to-a-kubernetes-cluster' into 'master' Resolve "Add troubleshooting section to capture errors with installing applications to a Kubernetes cluster" Closes #59498 See merge request gitlab-org/gitlab-ce!26639

Merge branch...
Merge branch '59498-add-troubleshooting-section-to-capture-errors-with-installing-applications-to-a-kubernetes-cluster' into 'master' Resolve "Add troubleshooting section to capture errors with installing applications to a Kubernetes cluster" Closes #59498 See merge request gitlab-org/gitlab-ce!26639
c3c5190c · Evan Read · aeeba4be · ecae2c48 · c3c5190c
Commit c3c5190c authored Apr 03, 2019 by Evan Read
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 6 deletions

doc/user/project/clusters/index.md doc/user/project/clusters/index.md +23 -6

No files found.
--- a/doc/user/project/clusters/index.md
+++ b/doc/user/project/clusters/index.md
@@ -314,12 +314,6 @@ install it manually.

 ## Installing applications

-NOTE: **Note:**
-Before starting the installation of applications, make sure that time is synchronized
-between your GitLab server and your Kubernetes cluster. Otherwise, installation could fail
-and you may get errors like `Error: remote error: tls: bad certificate`
-in the `stdout` of pods created by GitLab in your Kubernetes cluster.
-
 GitLab provides a one-click install for various applications which can
 be added directly to your configured cluster. Those applications are
 needed for [Review Apps](../../../ci/review_apps/index.md) and
@@ -378,6 +372,29 @@ Upgrades will reset values back to the values built into the `runner`
 chart plus the values set by
 [`values.yaml`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/vendor/runner/values.yaml)

+### Troubleshooting applications
+
+Applications can fail with the following error:
+
+```text
+Error: remote error: tls: bad certificate
+```
+
+To avoid installation errors:
+
+- Before starting the installation of applications, make sure that time is synchronized
+  between your GitLab server and your Kubernetes cluster.
+- Ensure certificates are not out of sync.  When installing applications, GitLab expects a new cluster with no previous installation of Tiller.
+
+  You can confirm that the certificates match via `kubectl`:
+
+  ```sh
+  kubectl get configmaps/values-content-configuration-ingress -n gitlab-managed-apps -o \
+  "jsonpath={.data['cert\.pem']}" | base64 -d > a.pem
+  kubectl get secrets/tiller-secret -n gitlab-managed-apps -o "jsonpath={.data['ca\.crt']}" | base64 -d > b.pem
+  diff a.pem b.pem
+  ```
+
 ## Getting the external endpoint

 NOTE: **Note:**