Configuring Nginx Ingress annotations on Kubernetes

I have a Kubernetes v1.26 self-managed cluster. I have multiple applications exposed through the Nginx-ingress proxy.

I want to protect access to those apps through authentication. I found Keycloak and deployed it with the Bitnami chart, version docker.io/bitnami/keycloak:20.0.5-debian-11-r4. I have created a realm services and a client nginx in this realm. (I’m not completely confident about what this represents; I’m very new to these concepts.)

Now I’m stuck at updating my ingress rules to force authentication when accessing my apps.
I found an example here with OAuth that adds the following annotations:

annotations:
  nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
  nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"

I tried multiple combinations of $host, /auth /realms/services, but I couldn’t find the correct endpoint so far and all requests are redirected to a 404.

On the client page in Keycloak, there are Client id and secret, but I didn’t find any nginx annotation to use them.

How do I set up my ingress with ingress-nginx on Kubernetes?

Thanks!

For anyone stumbling on this, I have found very little documentation so far. Based on this question, I deployed the oauth2 proxy in my cluster, and the auth annotations on my ingress redirect towards the oauth2 proxy.

I have no confirmation about this, but my hypothesis is: Nginx is not able to communicate with Keycloak directly, and oauth2 proxy is not able to replace nginx functionality to manage the Kubernetes ingresses.
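
The arrangement described in the follow-up above, sketched as manifests (an added example, not part of the original posts): the two annotations only tell nginx where to send its auth subrequest and sign-in redirect, so /oauth2 on the same host has to be routed to oauth2-proxy, and the Keycloak client id and secret are configured on oauth2-proxy rather than in annotations. Assumed here: the hostnames app.example.com and keycloak.example.com, all resource names, a Service named oauth2-proxy on port 4180, a Secret named oauth2-proxy-secrets, the image tag, and Keycloak being served without an /auth path prefix.

```yaml
# Added example; hostnames, resource names and the image tag are placeholders.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-app
  annotations:
    # nginx sends a subrequest here for each request: 2xx allows, 401 triggers sign-in
    nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
    nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
spec:
  ingressClassName: nginx
  rules:
    - host: app.example.com
      http:
        paths:
          - {path: /, pathType: Prefix, backend: {service: {name: my-app, port: {number: 80}}}}
---
# Separate Ingress without auth annotations: /oauth2 on the same host goes to oauth2-proxy.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata: {name: my-app-oauth2}
spec:
  ingressClassName: nginx
  rules:
    - host: app.example.com
      http:
        paths:
          - {path: /oauth2, pathType: Prefix, backend: {service: {name: oauth2-proxy, port: {number: 4180}}}}
---
apiVersion: apps/v1
kind: Deployment
metadata: {name: oauth2-proxy}
spec:
  selector: {matchLabels: {app: oauth2-proxy}}
  template:
    metadata: {labels: {app: oauth2-proxy}}
    spec:
      containers:
        - name: oauth2-proxy
          image: quay.io/oauth2-proxy/oauth2-proxy:PINNED_VERSION  # placeholder tag
          args:
            - --provider=keycloak-oidc
            - --oidc-issuer-url=https://keycloak.example.com/realms/services  # realm from the post
            - --client-id=nginx                                               # client from the post
            - --redirect-url=https://app.example.com/oauth2/callback
            - "--email-domain=*"          # any user the realm authenticates; restrict as needed
            - --upstream=static://202     # proxy is used only for the auth endpoints
            - --http-address=0.0.0.0:4180
            - --reverse-proxy=true        # trust X-Forwarded-* headers set by ingress-nginx
          # Secret supplies OAUTH2_PROXY_CLIENT_SECRET and OAUTH2_PROXY_COOKIE_SECRET
          envFrom: [{secretRef: {name: oauth2-proxy-secrets}}]
```

The nginx client in Keycloak needs https://app.example.com/oauth2/callback registered as a valid redirect URI for the sign-in flow to complete.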