[stable/zed] fix: add ingress annotations for keycloak (#2032)

This is an automated cherry-pick of #1890
/assign mnaser
diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml
index ae467d2..ff66cfa 100644
--- a/roles/keycloak/tasks/main.yml
+++ b/roles/keycloak/tasks/main.yml
@@ -99,8 +99,7 @@
     ingress_service_name: "{{ keycloak_helm_release_name }}"
     ingress_service_port: 80
     ingress_secret_name: "{{ keycloak_host_tls_secret_name }}"
-    ingress_annotations:
-      cert-manager.io/cluster-issuer: "{{ keycloak_ingress_cluster_issuer }}"
+    ingress_annotations: "{{ _keycloak_ingress_annotations | combine(keycloak_ingress_annotations, recursive=True) }}"
 
 - name: Enable pxc strict mode
   run_once: true
diff --git a/roles/keycloak/vars/main.yml b/roles/keycloak/vars/main.yml
index 2eff440..48344f4 100644
--- a/roles/keycloak/vars/main.yml
+++ b/roles/keycloak/vars/main.yml
@@ -12,6 +12,9 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+_keycloak_ingress_annotations:
+  cert-manager.io/cluster-issuer: "{{ keycloak_ingress_cluster_issuer }}"
+
 _keycloak_helm_values:
   # Note(okozachenko1203): Mysql vendor is not supported by bitnami helm chart. As a workaround,
   #                        we have to define jdbc connection string explicitly along side