docs(faq): add oauth example (#378)

Co-authored-by: Jo <[email protected]>

docs/faq.md

@@ -98,7 +98,7 @@ pg:
 app:
   ~chart: app
   ~needs: [build-app, seed-db]
-  # use CNPG db created secret 
+  # use CNPG db created secret
   envFrom:
     - secretRef:
         name: pg-app
@@ -170,6 +170,57 @@ jobs:
         context: packages/api
 ```
 
+## Add an oauth2 proxy to protect some application
+
+You can delegate application authentication to [oauth2-proxy](https://oauth2-proxy.github.io/oauth2-proxy) that can connect to multiple identity providers like GitHub, Azure, AD, KeyCloak...
+
+This has many security advantages :
+
+- hides all your application from external users
+- delegates all security processes to state-of-the-art providers
+- application can receive verifiable user identity
+
+You'll have to disable the default application ingress and replace it with `oauth2-proxy` one then register your application, see [compatible providers](https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider).
+
+```mermaid
+graph LR
+Internet["🌍" Internet]-->Proxy["🔒" Proxy]
+subgraph Cluster
+Proxy-->WebApp["🧑‍💼" WebApp]
+Proxy<-->IDP["🔑" Identity providers]
+end
+```
+
+In `.kontinuous/values.yaml` :
+
+```yaml
+# Application to protect
+metabase:
+  ingress:
+    enabled: false # disable ingress (internet exposition)
+  # metabase secrets and settings
+  envFrom:
+    - secretRef:
+        name: metabase
+
+oauth2-proxy:
+  # public URL that will show metabase once loggedin
+  host: "metabase.myapp.somewhere.fr"
+  # internal protected service URL
+  upstream: http://metabase
+  # oauth2-proxy secrets and settings
+  envFrom:
+    - secretRef:
+        name: oauth2-proxy
+  env:
+    - name: OAUTH2_PROXY_PROVIDER
+      value: github
+    - name: OAUTH2_PROXY_GITHUB_ORG
+      value: some-org
+```
+
+**NOTE** in this example, only users from `some-org` GitHub organisation can access the metabase, but they also have to login on the metabase separately.
+
 ## Define a custom docker registry
 
 [TODO]