Expanded information about Let's Encrypt certificates (#796)

* Expanded information about Let's Encrypt certificates. * Noted that Kubeflow renews the SSL cert automatically,

Expanded information about Let's Encrypt certificates (#796)
* Expanded information about Let's Encrypt certificates. * Noted that Kubeflow renews the SSL cert automatically,
4ca99f9b · Sarah Maddox · Kubernetes Prow Robot · bd937a46 · 4ca99f9b · 4ca99f9b
3 changed file
--- a/content/docs/gke/deploy/monitor-iap-setup.md
+++ b/content/docs/gke/deploy/monitor-iap-setup.md
@@ -20,6 +20,9 @@ or the [command-line interface](/docs/gke/deploy/deploy-cli/),
 you choose the authentication method you want to use. One of the options is
 Cloud IAP. This document assumes that you have already deployed Kubeflow.

+Kubeflow uses the [Let's Encrypt](https://letsencrypt.org/) service to provide 
+an SSL certificate for the Kubeflow UI.
+
 Cloud IAP gives you the following benefits:

 * Users can log in in using their GCP accounts.
@@ -242,3 +245,13 @@ problems:
    and add the redirect URI listed in the error message to the list of 
    authorized URIs. For more information, read the guide to 
    [setting up OAuth for Cloud IAP](/docs/gke/deploy/oauth-setup/).
+
+## Expiry of the SSL certificate from Let's Encrypt
+
+Kubeflow runs an agent in your cluster to renew the Let's Encrypt certificate
+automatically. You don't need to take any action.
+For more information, see the [Let's Encrypt 
+documentation](https://letsencrypt.org/docs/integration-guide/).
+
+For questions and support about the certificate, visit 
+[Let's Encrypt support](https://community.letsencrypt.org/).
\ No newline at end of file
--- a/content/docs/gke/troubleshooting-gke.md
+++ b/content/docs/gke/troubleshooting-gke.md
@@ -15,11 +15,14 @@ This guide covers troubleshooting specifically for
 For more help, try the 
 [general Kubeflow troubleshooting guide](/docs/other-guides/troubleshooting).

-## Troubleshooting Cloud IAP
+## Troubleshooting Cloud Identity-Aware Proxy (Cloud IAP)

 Here are some tips for troubleshooting Cloud IAP.

- * Make sure you are using HTTPS
+ * Make sure you are using HTTPS.
+ * See the guide to 
+  [monitoring your Cloud IAP setup](/docs/gke/deploy/monitor-iap-setup/).
+* See the sections below for troubleshooting specific problems.

 ### DNS name not registered

@@ -231,6 +234,11 @@ usually indicates the loadbalancer doesn't think any backends are healthy.
      * Check the pods are running
      * Check services are pointing at the points (look at the endpoints for the various services)

+### Problems with SSL certificate from Let's Encrypt
+
+See the guide to 
+[monitoring your Cloud IAP setup](/docs/gke/deploy/monitor-iap-setup/).
+
 ## Envoy pods crash-looping: root cause is backend quota exceeded

 If your logs show the 

--- a/content/docs/other-guides/accessing-uis.md
+++ b/content/docs/other-guides/accessing-uis.md
@@ -11,11 +11,11 @@ instructions on how to connect to them.

 Kubeflow comes with a number of web UIs, including:

-* Argo UI
 * Central UI for navigation
 * Jupyter notebooks
-* Katib
-* TFJobs Dashboard
+* TFJob Dashboard
+* Katib Dashboard
+* Pipelines Dashboard

 To make it easy to connect to these UIs Kubeflow provides a left hand navigation
 bar for navigating between the different applications.
@@ -42,6 +42,12 @@ https://<name>.endpoints.<project>.cloud.goog/

 This URL brings up the landing page illustrated above.

+When deployed with Cloud IAP, Kubeflow uses the 
+[Let's Encrypt](https://letsencrypt.org/) service to provide an SSL certificate 
+for the Kubeflow UI. For troubleshooting issues with your certificate, see the 
+guide to 
+[monitoring your Cloud IAP setup](/docs/gke/deploy/monitor-iap-setup/).
+
 ## Using Kubectl and port-forwarding

 If you're not using the Cloud IAP option or if you haven't yet set up your