apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
  name: keycloak-server
spec:
  instances: 2
  db:
    vendor: postgres
    host: postgres-db
    usernameSecret:
      name: keycloak-db-secret
      key: username
    passwordSecret:
      name: keycloak-db-secret
      key: password
  hostname:
    hostname: keycloak.grxe.io
  http:
    httpEnabled: true
  ingress:
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt-prod
    className: nginx
    enabled: true
    tlsSecret: keycloak-tls-secret
  proxy:
    headers: xforwarded # double check your reverse proxy sets and overwrites the X-Forwarded-* headers