Deploy in GKE ingress

currently I have keycloak deployed using ambassador on kubernetes

using the ambassador tls , and i have a java application on kubernetes communicating to it

all works OK but i have to migrate to GKE native ingress (no ambassador), any idea how to insert a https certificate between my java app and keycloak, currently spring security fails in the java app due to the https certificate validation in the keycloak response.