diff --git a/shared/components/oauth2-proxy/ingress-patch.yaml b/shared/components/oauth2-proxy/ingress-patch.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..2456a2a80a1002a3759b78f853475cba9a41c56a
--- /dev/null
+++ b/shared/components/oauth2-proxy/ingress-patch.yaml
@@ -0,0 +1,9 @@
+- op: add
+  path: /metadata/annotations/nginx.ingress.kubernetes.io~1auth-response-headers
+  value: Authorization
+- op: add
+  path: /metadata/annotations/nginx.ingress.kubernetes.io~1auth-url
+  value: https://$host/oauth2/auth
+- op: add
+  path: /metadata/annotations/nginx.ingress.kubernetes.io~1auth-signin
+  value: https://$host/oauth2/start?rd=$escaped_request_uri
\ No newline at end of file
diff --git a/shared/components/oauth2-proxy/kustomization.yaml b/shared/components/oauth2-proxy/kustomization.yaml
index a92d7e6dd88ef6b3ee8ac2b6aa6679556c86d065..206a82bc7a3159fe6278471c48536b49b2a58ec7 100644
--- a/shared/components/oauth2-proxy/kustomization.yaml
+++ b/shared/components/oauth2-proxy/kustomization.yaml
@@ -6,4 +6,12 @@ resources:
   - secret.yaml
   - repository.yaml
   - release.yaml
-  - networkpolicy.yaml
\ No newline at end of file
+  - networkpolicy.yaml
+
+patches:
+  - path: ingress-patch.yaml
+    target:
+      group: networking.k8s.io
+      version: v1
+      kind: Ingress
+      annotationSelector: "oauth2-proxy.kustomize.si-infra.de/exclude-ingress!=true"
\ No newline at end of file