Add: JWT validation and GKE troubleshooting (#8678)

* Add: JWT validation troubleshooting

* Add: GKE troubleshooting

* Add: GKE troubleshooting

* Update openmetadata-docs/content/deployment/kubernetes/gke-troubleshooting.md

Co-authored-by: Nahuel <nahuel@getcollate.io>

* Update openmetadata-docs/content/deployment/kubernetes/gke-troubleshooting.md

Co-authored-by: Nahuel <nahuel@getcollate.io>

* Update openmetadata-docs/content/deployment/security/jwt-troubleshooting.md

Co-authored-by: Nahuel <nahuel@getcollate.io>

* Update openmetadata-docs/content/deployment/security/jwt-troubleshooting.md

Co-authored-by: Nahuel <nahuel@getcollate.io>

* Update openmetadata-docs/content/deployment/security/jwt-troubleshooting.md

Co-authored-by: Nahuel <nahuel@getcollate.io>

* Update openmetadata-docs/content/deployment/security/jwt-troubleshooting.md

Co-authored-by: Nahuel <nahuel@getcollate.io>

* Update openmetadata-docs/content/deployment/kubernetes/gke-troubleshooting.md

Co-authored-by: Nahuel <nahuel@getcollate.io>

* Update jwt-troubleshooting.md

* Update openmetadata-docs/content/deployment/kubernetes/gke-troubleshooting.md

Co-authored-by: Nahuel <nahuel@getcollate.io>

* Update openmetadata-docs/content/deployment/security/jwt-troubleshooting.md

Co-authored-by: Nahuel <nahuel@getcollate.io>

* Update openmetadata-docs/content/deployment/security/jwt-troubleshooting.md

Co-authored-by: Nahuel <nahuel@getcollate.io>

Co-authored-by: Nahuel <nahuel@getcollate.io>

openmetadata-docs/content/deployment/kubernetes/gke-troubleshooting.md

@@ -0,0 +1,29 @@
+---
+title: GKE Setup Troubleshooting
+slug: /deployment/kubernetes/gke-troubleshooting
+---
+
+# GKE Setup Troubleshooting
+
+If you came across `invalid access type while creating the pvc`, and the permission pod is stuck in "pending" state.
+
+The above error might have occurred due to the pvc volumes not setup or pvc volumes are not mounted properly.
+
+<div className="w-100 flex justify-center">
+<Image
+  src="/images/deployment/troubleshoot/dag-log.png"
+  alt="dag-log"
+/>
+</div>
+<div className="w-100 flex justify-center">
+<Image
+  src="/images/deployment/troubleshoot/permission-pod-events.png"
+  alt="permission-pod-events"
+  caption="Permission pod events"
+/>
+</div>
+
+Please validate:
+- all the prerequisites mentioned in this [section](/deployment/kubernetes/gke)
+- the configuration of `dags_pv_pvc.yml` file
+- `storageClassName` field in YAML file

openmetadata-docs/content/deployment/security/jwt-troubleshooting.md

@@ -0,0 +1,49 @@
+---
+title: JWT validation Troubleshooting
+slug: /deployment/security/jwt-troubleshooting
+---
+# JWT Troubleshooting
+
+Add the `{domain}:{port}/config/jwks` in the list of publicKeys
+
+```yaml
+  authentication:
+    provider: "google"
+    publicKeys:
+    - "https://www.googleapis.com/oauth2/v3/certs"
+    - "http://localhost:8585/api/v1/config/jwks" (your domain and port)
+```
+
+This config with `"http://localhost:8585/api/v1/config/jwks"` is the default behavior. If you are configuring and expecting a JWT token to work, configuring with that extra URL is required.
+
+JWT Tokens are issued by private certificates.
+
+We need public keys to decrypt it and get that token's user name, expiry time, etc.
+
+In OpenMetadata users can enable SSO for users to login and use JWT tokens issued by OpenMetadata for bots
+The way OpenMetadata issues a JWT Token is using this [config](https://github.com/open-metadata/OpenMetadata/blob/main/conf/openmetadata.yaml#L155). It uses the `rsapublicKeyFilePath` file to generate a token.
+
+When the ingestion workflow uses this token, we use `rsapublicKeyPath` to decrypt it. The way we do this is using the response from this endpoint `http://localhost:8585/api/v1/config/jwks`.
+
+
+## Get JWT token from UI.
+
+First Open Open-Metadata UI than go to settings > Bots > Ingestion Bot
+
+<div className="w-100 flex justify-center">
+<Image
+  src="/images/deployment/troubleshoot/jwt-token.png"
+  alt="jwt-token"
+  caption="JWT token in Openmetada UI"
+/>
+</div>
+
+You can validate that in [jwt.io](https://jwt.io/). if there's something wrong on how the JWT token was generated.
+
+<div className="w-100 flex justify-center">
+<Image
+  src="/images/deployment/troubleshoot/jwt-validation.png"
+  alt="jwt.io"
+  caption="jwt.io tool for validating JWT claims"
+/>
+</div>

openmetadata-docs/content/menu.md

@@ -52,6 +52,8 @@ site_menu:
     url: /deployment/kubernetes/security
   - category: Deployment / Kubernetes Deployment / Helm Values
     url: /deployment/kubernetes/helm-values
+  - category: Deployment / Kubernetes Deployment / GKE Troubleshooting
+    url: /deployment/kubernetes/gke-troubleshooting
 
   - category: Deployment / Enable Security
     url: /deployment/security
@@ -133,6 +135,8 @@ site_menu:
     url: /deployment/security/enable-ssl/openmetadata-server
   - category: Deployment / Enable Security / Enable JWT Tokens
     url: /deployment/security/enable-jwt-tokens
+  - category: Deployment / Enable Security / JWT Troubleshooting
+    url: /deployment/security/jwt-troubleshooting
 
   - category: Deployment / Enable Secrets Manager
     url: /deployment/secrets-manager