@Sergio_Sanchez_Vega
For keycloak part,
it would be easy to setup. Create Realm and client.
Inside client setup, you need to select the access type confidential .
Additionally you need to add 2 mappers (Audiences, Group membership). Additional informations can be found here OAuth Provider Configuration | OAuth2 Proxy.
Apart from that, you can follow the above yaml files.
If you need to add user role based accessibility on istio, follow How to implement istio authorization based on keycloak user role