update keycloak for HA

deploy/keycloak/keycloak.yaml

@@ -53,7 +53,7 @@ spec:
             - "start"
             - "--cache=ispn"                      # Enable distributed Infinispan cache (HA mode) [oai_citation_attribution:0‡keycloak.org](https://www.keycloak.org/server/caching#:~:text=When%20you%20start%20Keycloak%20in,in%20your%20network%20are%20discovered)
             - "--cache-stack=kubernetes"          # Use built-in Kubernetes stack for clustering (DNS_PING)
-            - "--hostname=https://sso.panic.haus" # External URL for Keycloak (use HTTPS for TLS offload)
+#            - "--hostname=https://sso.panic.haus" # External URL for Keycloak (use HTTPS for TLS offload)
             - "--http-enabled=true"               # Allow Keycloak to listen on HTTP (for edge TLS termination) [oai_citation_attribution:1‡keycloak.org](https://www.keycloak.org/server/hostname#:~:text=provides%20the%20flexibility%20for%20users,start%20the%20server%20as%20follows)
             - "-Djgroups.dns.query=keycloak-headless"
           env:
@@ -61,8 +61,10 @@ spec:
               value: "admin"
             - name: KEYCLOAK_ADMIN_PASSWORD
               value: "admin"
-            - name: KC_HOSTNAME
-              value: "sso.panic.haus"
+#            - name: KC_PROXY_HEADERS
+#              value: "xforwarded"
+#            - name: KC_HOSTNAME
+#              value: "sso.panic.haus"
             - name: KC_HTTP_ENABLED
               value: "true"
             - name: KC_HEALTH_ENABLED
@@ -91,6 +93,8 @@ spec:
             # Enable proxy address forwarding since Keycloak is behind an NGINX proxy
             - name: PROXY_ADDRESS_FORWARDING
               value: "true"                        # Trust X-Forwarded-* headers [oai_citation_attribution:3‡github.com](https://github.com/codecentric/helm-charts/issues/325#:~:text=extraEnv%3A%20%7C%20,name%3A%20CACHE_OWNERS_AUTH_SESSIONS_COUNT)
+#            - name: KC_PROXY
+#              value: "edge"                        # Keycloak is behind an edge (TLS termination) proxy
             - name: KC_HOSTNAME_STRICT
               value: "false"                       # Disable strict host check (allow internal/external host differences)
             # (Optional) Enable health and metrics endpoints for monitoring:
@@ -108,13 +112,13 @@ spec:
             httpGet:
               path: /health/live
               port: 8080
-            initialDelaySeconds: 60
+            initialDelaySeconds: 90
             periodSeconds: 30
           readinessProbe:
             httpGet:
               path: /health/ready
               port: 8080
-            initialDelaySeconds: 30
+            initialDelaySeconds: 60
             periodSeconds: 15
       affinity:
         # Spread pods across different nodes for higher availability