I have a Kubernetes v1.26 self-managed cluster. I have multiple applications exposed through the Nginx-ingress proxy.
I want to protect access to those apps through authentication. I found Keycloak and deployed it with the Bitnami chart, version docker.io/bitnami/keycloak:20.0.5-debian-11-r4. I have created a realm services and a client nginx in this realm. (I’m not completely confident about what this represents; I’m very new to these concepts.)
Now I’m stuck at updating my ingress rules to force authentication when accessing my apps.
I found here an example with oauth to add the following annotations:
    annotations:
      nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
      nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
I tried multiple combinations of $host, /auth /realms/services; I couldn’t find the correct endpoint so far and all requests are redirected to a 404.
On the client page in Keycloak, there are Client id and secret, but I didn’t find any nginx annotation to use them.
How do I set up my ingress with ingress-nginx on Kubernetes?
Thanks!