docs(Authentik): Added How-To Guide with built-in Proxy Provider (#4172)

* docs(Authentik): Add How-To Guide for built-in Proxy Provider

* Update how_to.md

* add note

* fix Outpost info

* lint

Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>

charts/stable/authentik/Chart.yaml

@@ -27,7 +27,7 @@ sources:
   - https://github.com/truecharts/charts/tree/master/charts/stable/authentik
   - https://github.com/goauthentik/authentik
   - https://goauthentik.io/docs/
-version: 7.1.8
+version: 7.2.0
 annotations:
   truecharts.org/catagories: |
     - authentication

charts/stable/authentik/docs/how_to.md

@@ -0,0 +1,130 @@
+# How-To
+
+This is a quick how-to or setup guide to use Authentik with TrueNAS SCALE and setup a simple Proxy Provider with `traefik` using the Embedded Outpost to use as a Traefik `forwardauth`. This guide was created with Authentik `2022.10.0` and will be updated if things dramatically change.
+This can be applied to other systems but this specific guide has been tested and created on TrueNAS SCALE and isn't guaranteed to work with any other configs.
+
+## Requirements
+
+- Authentik TrueCharts Chart
+- Traefik Truecharts Chart
+
+## Prerequisites
+
+This guide assumes you're using Traefik as your Reverse Proxy / Ingress provider and have through the configuration listen in our [Quick-Start guides](https://truecharts.org/docs/manual/SCALE%20Apps/adding-letsencrypt) and/or the [Traefik documents](https://truecharts.org/docs/charts/stable/traefik/how-to/). Please ensure that you can access your domain properly with Ingress before attempting any further steps.
+
+## Authentik Chart Setup
+
+:::note
+
+The `Authentik` chart has many options, which may enhance or break your chart depending on your setup and are beyond the scope of this guide
+
+:::
+
+### Container Configuration
+
+All of the defaults are fine to start off, you must choose a password, however `ingress` must be set if you wish to use `authentik` with `traefik`.
+
+**Ingress Example**
+
+![Ingress-Auth](img/Ingress-Auth.png)
+
+## Authentik GUI Setup
+
+Default username is `akadmin` and password is whatever you entered in the initial setup.
+
+- Once logged in enter the Admin Interface
+
+![Applications-Screen](img/Applications-Screen.png)
+
+### Create Application
+
+- First step is to create an Application for use with `authentik`
+
+![Create-Application](img/Create-Applications.png)
+
+- Specific the `Name` and `Slug` and then choose `Create Provider`
+
+![Create-Applications-2](img/Create-Applications-2.png)
+
+- Choose a new provider `Proxy Provider`.
+
+![New-Provider-1](img/New-Provider-1.png)
+
+- The simplest is to give it a name and use `Forward auth (domain level)`. Once there you enter the `main ingress` URL you use to access `authentik` and the `cookie domain` as the main domain you use.
+
+![New-Provider-2](img/New-Provider-2.png)
+
+- Once done use that new `Provider` you created
+
+![Create-Applications-3](img/Create-Applications-3.png)
+
+### Choose Provider
+
+If everything was done properly above, you should have the Provider you created assigned to your Application
+
+![Providers](img/Providers.png)
+
+### Use Embedded Outpost
+
+![Outposts](img/Outposts.png)
+
+- Next step is simply attaching your `application` with the `authentik Embedded Outpost` that has been created automatically. Click the `Edit` button under Actions
+
+![Update-Outposts](img/Update-Outpost.png)
+
+- Name your `Outpost` and choose the `Application` you wish to use with `authentik`. Click `Update` and verify it's usage with the Healthcheck below.
+
+![Verify-Outpost](img/Verify-Outpost.png)
+
+## Traefik ForwardAuth Setup
+
+Once `authentik` is setup and running, you must create a `forwardAuth` inside `Traefik` in order to use authentication with Traefik. For my purposes `auth` is what I used but as long as you remember it you're fine.
+
+![Traefik-forwardAuth](img/Traefik-forwardAuth.png)
+
+- The main thing about this screen is to use the internal DNS name for simplicity
+
+:::
+http://authentik-http.ix-authentik.svc.cluster.local:10230/outpost.goauthentik.io/auth/traefik
+:::
+
+There's also a list of `authResponseHeaders` inside `authentik` listed for use with `Traefik`, so in case you need them here they are.
+
+- `X-authentik-username`
+- `X-authentik-groups`
+- `X-authentik-email`
+- `X-authentik-name`
+- `X-authentik-uid`
+- `X-authentik-jwt`
+- `X-authentik-meta-jwks`
+- `X-authentik-meta-outpost`
+- `X-authentik-meta-provider`
+- `X-authentik-meta-app`
+- `X-authentik-meta-version`
+
+### Add Traefik forwardAuth to Charts
+
+- Once that is done all you need to add the `middleware` to your Charts under the `Ingress section`, as in my case it's called `auth`.
+
+![Traefik-Middleware](img/Traefik-Middleware.png)
+
+And that's it.
+
+## Verification it works
+
+- Simply visit any `URL` that you have `Traefik` + the `forwardAuth` middleware enabled
+
+![Verify](img/Verify.png)
+
+- Login and voila!
+
+![Verify2](img/Verify-2.png)
+
+## Support
+
+- You can also reach us using [Discord](https://discord.gg/tVsPTHWTtr) for real-time feedback and support
+- If you found a bug in our chart, open a Github [issue](https://github.com/truecharts/apps/issues/new/choose) but generally it's advised to contact us on Discord first in most cases.
+
+---
+
+All Rights Reserved - The TrueCharts Project