fix: add ingress annotations for keycloak (#1890)

fixes: #1839

Reviewed-by: Oleksandr K.
diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml
index e596d84..f1b8bba 100644
--- a/roles/keycloak/tasks/main.yml
+++ b/roles/keycloak/tasks/main.yml
@@ -99,8 +99,7 @@
     ingress_service_name: "{{ keycloak_helm_release_name }}"
     ingress_service_port: 80
     ingress_secret_name: "{{ keycloak_host_tls_secret_name }}"
-    ingress_annotations:
-      cert-manager.io/cluster-issuer: "{{ keycloak_ingress_cluster_issuer }}"
+    ingress_annotations: "{{ _keycloak_ingress_annotations | combine(keycloak_ingress_annotations, recursive=True) }}"
 
 - name: Enable pxc strict mode
   run_once: true
diff --git a/roles/keycloak/vars/main.yml b/roles/keycloak/vars/main.yml
index a03de36..41ee1ee 100644
--- a/roles/keycloak/vars/main.yml
+++ b/roles/keycloak/vars/main.yml
@@ -12,6 +12,9 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+_keycloak_ingress_annotations:
+  cert-manager.io/cluster-issuer: "{{ keycloak_ingress_cluster_issuer }}"
+
 _keycloak_helm_values:
   # NOTE(mnaser): These workarounds below are needed to allow the Bitnami Helm chart to work with
   #               the upstream image.