From 74fa6986afe069e6f933b39e5f2f3a1caa9445d4 Mon Sep 17 00:00:00 2001
From: Alex Wu <c.alexwu@gmail.com>
Date: Sun, 3 Nov 2024 23:52:57 +0800
Subject: [PATCH 1/5] add tls config setting related information to
 troubleshoot doc

Signed-off-by: Alex Wu <c.alexwu@gmail.com>
---
 docs/community/troubleshoot.rst | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/docs/community/troubleshoot.rst b/docs/community/troubleshoot.rst
index 692e3c2aed..54bd772271 100644
--- a/docs/community/troubleshoot.rst
+++ b/docs/community/troubleshoot.rst
@@ -176,3 +176,30 @@ Please add ``spark`` to the list of `enabled-plugins` in the config yaml file. F
       default-for-task-types:
         - container: container
         - container_array: K8S-ARRAY
+
+``authentication handshake failed: x509: "Kubernetes Ingress Controller Fake Certificate" certificate is not trusted"`` when deploying flyte-core to your own kubernetes cluster
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Please enable ``tls`` in the ingress configuration of your Kubernetes cluster:
+
+.. code-block:: yaml
+  ingress:
+    host: <http://example.com|example.com>
+    separateGrpcIngress: true
+    separateGrpcIngressAnnotations:
+      <http://ingress.kubernetes.io/backend-protocol|ingress.kubernetes.io/backend-protocol>: "grpc"
+    annotations:
+      <http://ingress.kubernetes.io/app-root|ingress.kubernetes.io/app-root>: "/console"
+      <http://ingress.kubernetes.io/default-backend-redirect|ingress.kubernetes.io/default-backend-redirect>: "/console"
+      <http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>: haproxy
+    tls:
+      enabled: true
+
+Moreover, disable ``insecure`` in your ``flytectl`` client config.yaml:
+
+.. code-block:: yaml
+  admin:
+  endpoint: dns:///example.com
+  authType: Pkce
+  insecure: false
+  insecureSkipVerify: true

From 955d92d9868cd9aa67715e52d6d7e44d6edf699b Mon Sep 17 00:00:00 2001
From: Alex Wu <c.alexwu@gmail.com>
Date: Tue, 5 Nov 2024 11:33:22 +0800
Subject: [PATCH 2/5] fix some information in the doc

Signed-off-by: Alex Wu <c.alexwu@gmail.com>
---
 docs/community/troubleshoot.rst | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/docs/community/troubleshoot.rst b/docs/community/troubleshoot.rst
index 54bd772271..70a1b4630b 100644
--- a/docs/community/troubleshoot.rst
+++ b/docs/community/troubleshoot.rst
@@ -180,7 +180,9 @@ Please add ``spark`` to the list of `enabled-plugins` in the config yaml file. F
 ``authentication handshake failed: x509: "Kubernetes Ingress Controller Fake Certificate" certificate is not trusted"`` when deploying flyte-core to your own kubernetes cluster
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-Please enable ``tls`` in the ingress configuration of your Kubernetes cluster:
+This issue is caused by TLS being disabled in your Kubernetes cluster. You can resolve the problem by following these steps:
+
+Enable ``tls`` in the ``values.yaml`` ingress configuration of flyte-core in order to expose gRPC service at 443 port:
 
 .. code-block:: yaml
   ingress:
@@ -193,13 +195,13 @@ Please enable ``tls`` in the ingress configuration of your Kubernetes cluster:
       <http://ingress.kubernetes.io/default-backend-redirect|ingress.kubernetes.io/default-backend-redirect>: "/console"
       <http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>: haproxy
     tls:
-      enabled: true
+      enabled: true # enable tls
 
-Moreover, disable ``insecure`` in your ``flytectl`` client config.yaml:
+Disable ``insecure`` in your ``flytectl`` client config.yaml:
 
 .. code-block:: yaml
   admin:
   endpoint: dns:///example.com
   authType: Pkce
-  insecure: false
+  insecure: false # disable insecure in flytectl
   insecureSkipVerify: true

From 04e5b599efe4556ee53bb9c06d2ca955bb95eab6 Mon Sep 17 00:00:00 2001
From: Alex Wu <c.alexwu@gmail.com>
Date: Tue, 5 Nov 2024 13:07:36 +0800
Subject: [PATCH 3/5] fix code block error

Signed-off-by: Alex Wu <c.alexwu@gmail.com>
---
 docs/community/troubleshoot.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/community/troubleshoot.rst b/docs/community/troubleshoot.rst
index 70a1b4630b..fc9ab1ebcb 100644
--- a/docs/community/troubleshoot.rst
+++ b/docs/community/troubleshoot.rst
@@ -185,6 +185,7 @@ This issue is caused by TLS being disabled in your Kubernetes cluster. You can r
 Enable ``tls`` in the ``values.yaml`` ingress configuration of flyte-core in order to expose gRPC service at 443 port:
 
 .. code-block:: yaml
+
   ingress:
     host: <http://example.com|example.com>
     separateGrpcIngress: true
@@ -200,6 +201,7 @@ Enable ``tls`` in the ``values.yaml`` ingress configuration of flyte-core in ord
 Disable ``insecure`` in your ``flytectl`` client config.yaml:
 
 .. code-block:: yaml
+  
   admin:
   endpoint: dns:///example.com
   authType: Pkce

From d38346fa20b6c6bb42c06a54ee85951bd2acbe1e Mon Sep 17 00:00:00 2001
From: Alex Wu <c.alexwu@gmail.com>
Date: Tue, 5 Nov 2024 13:54:53 +0800
Subject: [PATCH 4/5] minor fix to make the information more clear

Signed-off-by: Alex Wu <c.alexwu@gmail.com>
---
 docs/community/troubleshoot.rst | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/community/troubleshoot.rst b/docs/community/troubleshoot.rst
index fc9ab1ebcb..5770f2d4a5 100644
--- a/docs/community/troubleshoot.rst
+++ b/docs/community/troubleshoot.rst
@@ -182,7 +182,7 @@ Please add ``spark`` to the list of `enabled-plugins` in the config yaml file. F
 
 This issue is caused by TLS being disabled in your Kubernetes cluster. You can resolve the problem by following these steps:
 
-Enable ``tls`` in the ``values.yaml`` ingress configuration of flyte-core in order to expose gRPC service at 443 port:
+- Enable ``tls`` in the ``values.yaml`` ingress configuration of flyte-core in order to expose gRPC service at 443 port:
 
 .. code-block:: yaml
 
@@ -198,10 +198,10 @@ Enable ``tls`` in the ``values.yaml`` ingress configuration of flyte-core in ord
     tls:
       enabled: true # enable tls
 
-Disable ``insecure`` in your ``flytectl`` client config.yaml:
+- Disable ``insecure`` in your ``flytectl`` client config.yaml:
 
 .. code-block:: yaml
-  
+
   admin:
   endpoint: dns:///example.com
   authType: Pkce

From ee4363ac06013d61f4b49a061c42011aa36f71ff Mon Sep 17 00:00:00 2001
From: Alex Wu <c.alexwu@gmail.com>
Date: Tue, 5 Nov 2024 13:57:42 +0800
Subject: [PATCH 5/5] highlight the config.yaml

Signed-off-by: Alex Wu <c.alexwu@gmail.com>
---
 docs/community/troubleshoot.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/community/troubleshoot.rst b/docs/community/troubleshoot.rst
index 5770f2d4a5..2a1b620515 100644
--- a/docs/community/troubleshoot.rst
+++ b/docs/community/troubleshoot.rst
@@ -198,7 +198,7 @@ This issue is caused by TLS being disabled in your Kubernetes cluster. You can r
     tls:
       enabled: true # enable tls
 
-- Disable ``insecure`` in your ``flytectl`` client config.yaml:
+- Disable ``insecure`` in your ``flytectl`` client ``config.yaml``:
 
 .. code-block:: yaml