diff --git a/keycloak/ingress.yaml b/keycloak/ingress.yaml
new file mode 100644
index 0000000..5e04631
--- /dev/null
+++ b/keycloak/ingress.yaml
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: keycloak-cascade
+  namespace: keycloak
+  annotations:
+    haproxy-ingress.github.io/ssl-redirect: "true"
+    haproxy-ingress.github.io/secure-backends: "true"
+    haproxy-ingress.github.io/timeout-client: 5m
+    haproxy-ingress.github.io/timeout-server: 5m
+spec:
+  ingressClassName: haproxy
+  rules:
+  - host: auth.werts.us
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: cascade-service
+            port:
+              number: 443
+  tls:
+  - hosts:
+    - auth.werts.us
+    secretName: wildcard-tls