Issue with Keycloak running on Kubernetes in production mode (HTTPS)

Hello there!

I am trying to run a Keycloak server on my Kubernetes cluster as the OIDC authority for the kube-api. But I am not able to access Keycloak via HTTPS. I am using the HAProxy Ingress Controller, which is working perfectly fine for some other applications, but I am not able to bring Keycloak up and running. My database is accessible and working as expected. Do you have any clue what I am doing wrong?

Please find my yaml definitions below. Thanks in advance!

ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak-ingress
  annotations:
    haproxy.org/forwarded-for: "true"
spec:
  tls:
    - hosts:
      - "oidc.mydomain.com"
      secretName: my-tls
  rules:
  - host: "oidc.mydomain.com"
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: keycloak-service
            port:
              number: 443

keycloak.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak-deployment
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
      - name: keycloak
        image: quay.io/keycloak/keycloak:21.1.1
        volumeMounts:
        - name: tls
          mountPath: "/etc/ssl"
          readOnly: true
        args: ["start"]
        env:
        - name: KEYCLOAK_ADMIN
          value: 'admin'
        - name: KEYCLOAK_ADMIN_PASSWORD
          value: 'adminPW'
        - name: KC_PROXY
          value: 'edge'
        - name: KC_HOSTNAME
          value: 'oidc.mydomain.com'
        - name: KC_HOSTNAME_STRICT_HTTPS
          value: 'true'
        - name: KC_DB
          value: 'postgres'
        - name: KC_DB_URL
          value: 'jdbc:postgresql://postgres.postgres-namespace.svc.cluster.local/keycloak'
        - name: KC_DB_USERNAME
          value: 'postgres'
        - name: KC_DB_PASSWORD
          value: 'postgres'
        - name: KC_TRANSACTION_XA_ENABLED
          value: 'true'
        - name: KC_HEALTH_ENABLED
          value: 'true'
        - name: KC_HTTPS_CERTIFICATE_FILE
          value: '/etc/ssl/tls.crt'
        - name: KC_HTTPS_CERTIFICATE_KEY_FILE
          value: '/etc/ssl/tls.key'   # private key entry of the kubernetes.io/tls secret, not the certificate
        ports:
        - name: https
          containerPort: 8443
      volumes:
      - name: tls
        secret:
          secretName: my-tls
          optional: false

service.yaml

apiVersion: v1
kind: Service
metadata:
  name: keycloak-service
  labels:
    app: keycloak
spec:
  ports:
  - name: https
    port: 443
    targetPort: 8443
  selector:
    app: keycloak
  type: LoadBalancer

Firefox error message:
Unable to connect

An error occurred during a connection to oidc.mydomain.com.

The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer’s network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox Developer Edition is permitted to access the web.
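A small consistency check over the three manifests in this thread, written as an added example for the discussion (it is not code from the original post or from the Keycloak project). It encodes the shape of the Ingress, Service and Deployment as Python dicts with constructed values and flags the mismatches a reviewer looks for first: certificate and key pointing at the same file, a secret mounted over /etc/ssl, KC_PROXY=edge (in that mode Keycloak expects plain HTTP from the proxy) while the Ingress is routed to the HTTPS container port, passwords as literal env values, and a LoadBalancer Service that exposes the pod next to the Ingress. A corrected set (reencrypt mode, tls.key, a dedicated mount path, secretKeyRef, ClusterIP) is checked alongside. The annotation name haproxy.org/server-ssl for backend TLS on HAProxy Ingress is an assumption; confirm it against your controller's documentation.

```python
"""Cross-manifest consistency checks for Keycloak behind an Ingress.

Added example, not from the original post. Manifests are constructed dicts
that mirror the question's Ingress/Service/Deployment layout.
"""
from __future__ import annotations

SECRET_ENV = ("KEYCLOAK_ADMIN_PASSWORD", "KC_DB_PASSWORD")
# Annotation assumed to make HAProxy Ingress speak TLS to the backend
# (assumption about the controller; verify against its docs).
BACKEND_TLS_ANNOTATION = "haproxy.org/server-ssl"


def build(*, proxy, key_file, svc_type, mount_path, literal_secrets, annotations):
    """Assemble constructed manifests with the same shape as the question's YAML."""
    def secret(name):
        if literal_secrets:
            return {"name": name, "value": "changeme"}  # constructed placeholder
        return {"name": name, "valueFrom": {"secretKeyRef": {"name": "keycloak-secrets", "key": name}}}

    env = [
        {"name": "KC_PROXY", "value": proxy},
        {"name": "KC_HOSTNAME", "value": "oidc.example.com"},
        {"name": "KC_HTTPS_CERTIFICATE_FILE", "value": f"{mount_path}/tls.crt"},
        {"name": "KC_HTTPS_CERTIFICATE_KEY_FILE", "value": f"{mount_path}/{key_file}"},
        secret("KEYCLOAK_ADMIN_PASSWORD"), secret("KC_DB_PASSWORD"),
    ]
    deployment = {"spec": {"template": {"spec": {"containers": [{
        "name": "keycloak", "env": env,
        "volumeMounts": [{"name": "tls", "mountPath": mount_path, "readOnly": True}],
        "ports": [{"name": "https", "containerPort": 8443}]}]}}}}
    service = {"metadata": {"name": "keycloak-service"},
               "spec": {"type": svc_type,
                        "ports": [{"name": "https", "port": 443, "targetPort": 8443}]}}
    ingress = {"metadata": {"annotations": annotations},
               "spec": {"rules": [{"http": {"paths": [{"backend": {"service": {
                   "name": "keycloak-service", "port": {"number": 443}}}}]}}]}}
    return ingress, service, deployment


def lint(ingress, service, deployment) -> list[str]:
    """Return short finding codes; an empty list means the chain is consistent."""
    findings = []
    c = deployment["spec"]["template"]["spec"]["containers"][0]
    env = {e["name"]: e.get("value") for e in c.get("env", [])}  # None => valueFrom
    cert, key = env.get("KC_HTTPS_CERTIFICATE_FILE"), env.get("KC_HTTPS_CERTIFICATE_KEY_FILE")

    # TLS material: certificate and private key must be two different files
    if cert and key and cert == key:
        findings.append("TLS_KEY_FILE_IS_CERT")
    # Mounting the secret over /etc/ssl hides whatever the image ships there
    if any(m["mountPath"].rstrip("/") == "/etc/ssl" for m in c.get("volumeMounts", [])):
        findings.append("MOUNT_SHADOWS_ETC_SSL")

    # Port chain: Ingress backend -> Service port -> targetPort -> containerPort
    backend = ingress["spec"]["rules"][0]["http"]["paths"][0]["backend"]["service"]
    svc_port = next((p for p in service["spec"]["ports"]
                     if p["port"] == backend["port"]["number"]), None)
    if backend["name"] != service["metadata"]["name"] or svc_port is None:
        findings.append("INGRESS_SERVICE_PORT_MISMATCH")
        return findings
    target = svc_port.get("targetPort", svc_port["port"])
    cport = next((p for p in c.get("ports", [])
                  if target in (p["containerPort"], p.get("name"))), None)
    if cport is None:
        findings.append("SERVICE_TARGETPORT_MISMATCH")
        return findings

    # Proxy mode versus what the ingress actually speaks to the pod
    backend_is_tls = cport.get("name") == "https" or cport["containerPort"] == 8443
    annotations = ingress.get("metadata", {}).get("annotations", {})
    proxy = env.get("KC_PROXY")
    if proxy == "edge" and backend_is_tls:
        findings.append("EDGE_PROXY_TO_HTTPS_PORT")  # edge mode expects plain HTTP from the proxy
    if proxy == "reencrypt" and annotations.get(BACKEND_TLS_ANNOTATION) != "true":
        findings.append("BACKEND_TLS_NOT_ENABLED_ON_INGRESS")

    # Secrets in literal env values and a Service that bypasses the Ingress
    findings += [f"PLAINTEXT_SECRET:{n}" for n in SECRET_ENV if env.get(n) is not None]
    if service["spec"].get("type") == "LoadBalancer":
        findings.append("SERVICE_BYPASSES_INGRESS")
    return findings


# Constructed variants: one with the weak settings, one with them corrected.
MISCONFIGURED = build(proxy="edge", key_file="tls.crt", svc_type="LoadBalancer",
                      mount_path="/etc/ssl", literal_secrets=True, annotations={})
CORRECTED = build(proxy="reencrypt", key_file="tls.key", svc_type="ClusterIP",
                  mount_path="/etc/keycloak/tls", literal_secrets=False,
                  annotations={BACKEND_TLS_ANNOTATION: "true"})

if __name__ == "__main__":
    for label, manifests in (("misconfigured", MISCONFIGURED), ("corrected", CORRECTED)):
        print(label, lint(*manifests) or ["OK"])
```

The finding that usually explains a bare "Unable to connect" is the proxy-mode one: with KC_PROXY=edge the ingress controller talks plain HTTP to the backend, so pointing it at the 8443 container port gives a failed TLS handshake instead of a page. Either route the Ingress to Keycloak's HTTP port with edge mode, or keep the HTTPS port with reencrypt mode and tell the controller to use TLS towards the backend.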