website: latest PR for new Docs structure (#11639)

* first pass

* dependency shenanigans

* move blueprints

* few broken links

* change config the throw errors

* internal file edits

* fighting links

* remove sidebarDev

* fix subdomain

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix relative URL

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix mismatched package versions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix api reference build

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* test tweak

* links hell

* more links hell

* links hell2

* yep last of the links

* last broken link fixed

* re-add cves

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add devdocs redirects

* add dir

* tweak netlify.toml

* move latest 2 CVES into dir

* fix links to moved cves

* typoed title fix

* fix link

* remove banner

* remove committed api docs

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* integrations: remove version dropdown

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update Makefile

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* change doc links in web as well

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix some more docs paths

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix more docs paths

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* ci: require ci-web.build for merging

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Revert "ci: require ci-web.build for merging"

This reverts commit b99a4842a9.

* remove sluf for Application

* put slug back in

* minor fix to trigger deploy

* Spelled out Documentation in menu bar

* remove image redirects...

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove explicit index.md

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove mdx first

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* then remove .md

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add missing prefix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Tana M Berry <tana@goauthentik.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

website/docs/install-config/install/docker-compose.mdx

@@ -0,0 +1,122 @@
+---
+title: Docker Compose installation
+---
+
+This installation method is for test setups and small-scale production setups.
+
+## Requirements
+
+-   A host with at least 2 CPU cores and 2 GB of RAM
+-   Docker
+-   Docker Compose (Compose v2 is recommended, see [here](https://docs.docker.com/compose/migrate/) for instructions on how to upgrade)
+
+## Video
+
+<iframe
+    width="560"
+    height="315"
+    src="https://www.youtube.com/embed/O1qUbrk4Yc8?si=HiSBjmJYhE_oJhB1&amp;start=22"
+    title="YouTube video player"
+    frameborder="0"
+    allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
+    allowfullscreen
+></iframe>
+
+## Preparation
+
+To download the latest `docker-compose.yml` open your terminal and navigate to the directory of your choice.
+Run the following command:
+
+import Tabs from "@theme/Tabs";
+import TabItem from "@theme/TabItem";
+
+{/* prettier-ignore */}
+<Tabs groupId="OS">
+    <TabItem value="Linux" label="Linux" default>
+        ```shell
+        wget https://goauthentik.io/docker-compose.yml
+        ```
+    </TabItem>
+    <TabItem value="macOS" label="macOS">
+        ```shell
+        curl -O https://goauthentik.io/docker-compose.yml
+        ```
+    </TabItem>
+</Tabs>
+
+If this is a fresh authentik installation, you need to generate a password and a secret key. Use a secure password generator of your choice such as pwgen, or you can use `openssl` as below.
+
+Run the following commands to generate a password and secret key and write them to your `.env` file:
+
+{/* prettier-ignore */}
+```shell
+echo "PG_PASS=$(openssl rand -base64 36 | tr -d '\n')" >> .env
+echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n')" >> .env
+```
+
+:::info
+Because of a PostgreSQL limitation, only passwords up to 99 chars are supported. See: https://www.postgresql.org/message-id/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com
+:::
+
+To enable error reporting, run the following command:
+
+```shell
+echo "AUTHENTIK_ERROR_REPORTING__ENABLED=true" >> .env
+```
+
+## Email configuration (optional but recommended)
+
+It is also recommended to configure global email credentials. These are used by authentik to notify you about alerts and configuration issues. They can also be used by [Email stages](../../add-secure-apps/flows-stages/stages/email/index.mdx) to send verification/recovery emails.
+
+To configure email credentials, append this block to your `.env` file
+
+```shell
+# SMTP Host Emails are sent to
+AUTHENTIK_EMAIL__HOST=localhost
+AUTHENTIK_EMAIL__PORT=25
+# Optionally authenticate (don't add quotation marks to your password)
+AUTHENTIK_EMAIL__USERNAME=
+AUTHENTIK_EMAIL__PASSWORD=
+# Use StartTLS
+AUTHENTIK_EMAIL__USE_TLS=false
+# Use SSL
+AUTHENTIK_EMAIL__USE_SSL=false
+AUTHENTIK_EMAIL__TIMEOUT=10
+# Email address authentik will send from, should have a correct @domain
+AUTHENTIK_EMAIL__FROM=authentik@localhost
+```
+
+## Configure for port 80/443
+
+By default, authentik listens internally on port 9000 for HTTP and 9443 for HTTPS. To change the exposed ports to 80 and 443, you can set the following variables in `.env`:
+
+```shell
+COMPOSE_PORT_HTTP=80
+COMPOSE_PORT_HTTPS=443
+```
+
+See [Configuration](../configuration/configuration.mdx) to change the internal ports. Be sure to run `docker compose up -d` to rebuild with the new port numbers.
+
+## Startup
+
+:::warning
+The server assumes to have local timezone as UTC.
+All internals are handled in UTC; whenever a time is displayed to the user in UI, the time shown is localized.
+Do not update or mount `/etc/timezone` or `/etc/localtime` in the authentik containers.
+This will not give any advantages. It will cause problems with OAuth and SAML authentication, e.g. [see this GitHub issue](https://github.com/goauthentik/authentik/issues/3005).
+:::
+
+Afterward, run these commands to finish:
+
+```shell
+docker compose pull
+docker compose up -d
+```
+
+The `docker-compose.yml` file statically references the latest version available at the time of downloading the compose file. Each time you upgrade to a newer version of authentik, you download a new `docker-compose.yml` file, which points to the latest available version. For more information, refer to the **Upgrading** section in the [Release Notes](../../releases/).
+
+To start the initial setup, navigate to `http://<your server's IP or hostname>:9000/if/flow/initial-setup/`.
+
+There you are prompted to set a password for the `akadmin` user (the default user).
+
+For an explanation about what each service in the docker compose file does, see [Architecture](../../core/architecture.md).

website/docs/install-config/install/kubernetes.md

@@ -0,0 +1,104 @@
+---
+title: Kubernetes installation
+---
+
+You can install authentik to run on Kubernetes using Helm Chart.
+
+:::info
+You can also [view a video walk-through](https://www.youtube.com/watch?v=O1qUbrk4Yc8) of the installation process on Kubernetes (with bonus details about email configuration and other important options).
+:::
+
+### Requirements
+
+-   Kubernetes
+-   Helm
+
+## Video
+
+<iframe width="560" height="315" src="https://www.youtube.com/embed/O1qUbrk4Yc8?si=hs-ZhbVk4Y-TW_Vw&amp;start=562" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
+
+### Generate Passwords
+
+Start by generating passwords for the database and cache. You can use either of the following commands:
+
+```shell
+pwgen -s 50 1
+openssl rand 60 | base64 -w 0
+```
+
+### Set Values
+
+Create a `values.yaml` file with a minimum of these settings:
+
+```yaml
+authentik:
+    secret_key: "PleaseGenerateASecureKey"
+    # This sends anonymous usage-data, stack traces on errors and
+    # performance data to sentry.io, and is fully opt-in
+    error_reporting:
+        enabled: true
+    postgresql:
+        password: "ThisIsNotASecurePassword"
+
+server:
+    ingress:
+        # Specify kubernetes ingress controller class name
+        ingressClassName: nginx | traefik | kong
+        enabled: true
+        hosts:
+            - authentik.domain.tld
+
+postgresql:
+    enabled: true
+    auth:
+        password: "ThisIsNotASecurePassword"
+redis:
+    enabled: true
+```
+
+See all configurable values on [ArtifactHub](https://artifacthub.io/packages/helm/goauthentik/authentik).
+
+### Install authentik Helm Chart
+
+Now, execute the following commands to install authentik:
+
+```shell
+helm repo add authentik https://charts.goauthentik.io
+helm repo update
+helm upgrade --install authentik authentik/authentik -f values.yaml
+```
+
+During the installation process, the database migrations will be applied automatically on startup.
+
+### Accessing authentik
+
+After the installation is complete, access authentik at `https://<ingress-host-name>/if/flow/initial-setup/`. Here, you can set a password for the default `akadmin` user.
+
+### Optional step: Configure global email credentials
+
+It is recommended to configure global email credentials as well. These are used by authentik to notify you about alerts and configuration issues. Additionally, they can be utilized by [Email stages](../../add-secure-apps/flows-stages/stages/email/index.mdx) to send verification and recovery emails.
+
+To configure this, append this block to your `values.yaml` file:
+
+```yaml
+# add this block under the `authentik:` block in your values.yaml file
+# authentik:
+email:
+    # -- SMTP Server emails are sent from, fully optional
+    host: ""
+    port: 587
+    # -- SMTP credentials. When left empty, no authentication will be done.
+    username: ""
+    # -- SMTP credentials. When left empty, no authentication will be done.
+    password: ""
+    # -- Enable either use_tls or use_ssl. They can't be enabled at the same time.
+    use_tls: false
+    # -- Enable either use_tls or use_ssl. They can't be enabled at the same time.
+    use_ssl: false
+    # -- Connection timeout in seconds
+    timeout: 30
+    # -- Email 'from' address can either be in the format "foo@bar.baz" or "authentik <foo@bar.baz>"
+    from: ""
+```
+
+By following these steps, you will successfully install and set up authentik on Kubernetes using Helm.