diff --git a/docs/guide/use/tencent/images/opaque.png b/docs/guide/use/tencent/images/opaque.png
new file mode 100644
index 00000000..b4972f75
Binary files /dev/null and b/docs/guide/use/tencent/images/opaque.png differ
diff --git a/docs/guide/use/tencent/images/tcpssl.png b/docs/guide/use/tencent/images/tcpssl.png
new file mode 100644
index 00000000..579691e5
Binary files /dev/null and b/docs/guide/use/tencent/images/tcpssl.png differ
diff --git a/docs/guide/use/tencent/index.md b/docs/guide/use/tencent/index.md
index 9dbf6a39..7a74603b 100644
--- a/docs/guide/use/tencent/index.md
+++ b/docs/guide/use/tencent/index.md
@@ -8,8 +8,11 @@
 ![](./tencent-access.png)
 
 
+
 ## 如何避免收到腾讯云证书过期邮件
 
+> 新版本已经自动将证书设置为免提醒，certd上传的证书后续都不会再提醒了。
+
 腾讯云在证书有效期还剩28天时会发送过期通知邮件    
 您可以通过配置“腾讯云过期证书删除”任务来避免收到此类邮件。
 
@@ -18,4 +21,17 @@
 注意点：
 > 1. 选择腾讯云授权，需授权`服务角色SSL_QCSLinkedRoleInReplaceLoadCertificate`权限
 > 2. `1.26.14`版本之前Certd创建的证书流水线默认是到期前20天才更新证书，需要将之前创建的证书申请任务的更新天数修改为35天，保证删除之前就已经替换掉即将过期证书
-![](./images/delete2.png)
\ No newline at end of file
+![](./images/delete2.png)
+
+
+
+
+## TKE service 的 TCP_SSL Opaque类型证书授权
+
+部署证书到腾讯云TKE，如果报以下错误：     
+`is forbidden: User "xxxxxx-xxxxx" cannot get resource "secrets" in API group "" in the namespace "default"'`     
+则需要单独从授权管理侧再授权子用户的权限
+
+![](./images/tcpssl.png)
+
+![](./images/opaque.png)