diff --git a/docs/reference/configuration/uds-networking-configuration.md b/docs/reference/configuration/uds-networking-configuration.md index 3e35776416..7bf7826395 100644 --- a/docs/reference/configuration/uds-networking-configuration.md +++ b/docs/reference/configuration/uds-networking-configuration.md @@ -59,8 +59,8 @@ To accomplish this, you can provide a bundle override as follows: ```yaml packages: - name: uds-core - repository: ghcr.io/defenseunicorns/packages/uds/core-monitoring - ref: 0.31.1-upstream + repository: ghcr.io/defenseunicorns/packages/uds/core + ref: 0.x.x-upstream overrides: kube-prometheus-stack: uds-prometheus-config: @@ -86,8 +86,8 @@ It may also be desired to allow Vector to send logs to an external service. To f ```yaml packages: - name: uds-core - repository: ghcr.io/defenseunicorns/packages/uds/core-monitoring - ref: 0.31.1-upstream + repository: ghcr.io/defenseunicorns/packages/uds/core + ref: 0.x.x-upstream overrides: vector: uds-vector-config: @@ -121,8 +121,8 @@ It may be desired to connect Grafana to additional datasources in or outside of ```yaml packages: - name: uds-core - repository: ghcr.io/defenseunicorns/packages/uds/core-monitoring - ref: 0.31.1-upstream + repository: ghcr.io/defenseunicorns/packages/uds/core + ref: 0.x.x-upstream overrides: grafana: uds-grafana-config: @@ -150,8 +150,8 @@ It may be desired send alerts from NeuVector to locations in or outside of the c ```yaml packages: - name: uds-core - repository: ghcr.io/defenseunicorns/packages/uds/core-monitoring - ref: 0.31.1-upstream + repository: ghcr.io/defenseunicorns/packages/uds/core + ref: 0.x.x-upstream overrides: neuvector: uds-neuvector-config: 
@@ -169,3 +169,57 @@ packages: The example above allows NeuVector to send alerts to any external destination. Alternatively, you could use the remoteNamespace key to specify another namespace within the Kubernetes cluster (i.e. Mattermost). Reference the [spec for allow](https://uds.defenseunicorns.com/reference/configuration/custom-resources/packages-v1alpha1-cr/#allow) for all available fields. + +### Keycloak + +You may have a need to connect Keycloak to an external IdP or other service that the default network policies do not support. To facilitate this, you can provide a bundle override as follows: + +```yaml +packages: + - name: uds-core + repository: ghcr.io/defenseunicorns/packages/uds/core + ref: 0.x.x-upstream + overrides: + keycloak: + keycloak: + values: + - path: additionalNetworkAllow + value: + - direction: Egress + selector: + app.kubernetes.io/name: keycloak + remoteCidr: 72.123.123.123 + description: "IdP Connection" + port: 443 +``` + +The example above allows Keycloak to connect to an "external IdP" at a specific remoteCidr. + +Reference the [spec for allow](https://uds.defenseunicorns.com/reference/configuration/custom-resources/packages-v1alpha1-cr/#allow) for all available fields. + +### Loki + +You may have a need to configure Loki with egress to an additional destination, such as for [external caching](https://grafana.com/docs/loki/latest/operations/caching/) connections. To facilitate this, you can provide a bundle override as follows: + +```yaml +packages: + - name: uds-core + repository: ghcr.io/defenseunicorns/packages/uds/core + ref: 0.x.x-upstream + overrides: + loki: + uds-loki-config: + values: + - path: additionalNetworkAllow + value: + - direction: Egress + selector: + app.kubernetes.io/name: loki + remoteCidr: 72.123.123.123 + description: "Cache Connection" + port: 6379 +``` + +The example above allows Loki to connect to an "external cache" at a specific remoteCidr. 
+ +Reference the [spec for allow](https://uds.defenseunicorns.com/reference/configuration/custom-resources/packages-v1alpha1-cr/#allow) for all available fields. diff --git a/src/keycloak/chart/templates/uds-package.yaml b/src/keycloak/chart/templates/uds-package.yaml index 42bb8a9f52..7f1d192d04 100644 --- a/src/keycloak/chart/templates/uds-package.yaml +++ b/src/keycloak/chart/templates/uds-package.yaml @@ -85,6 +85,11 @@ spec: - 57800 {{- end }} + # Custom rules for additional networking access + {{- with .Values.additionalNetworkAllow }} + {{ toYaml . | nindent 6 }} + {{- end }} + expose: - description: "remove private paths from public gateway" host: sso diff --git a/src/keycloak/chart/values.schema.json b/src/keycloak/chart/values.schema.json index 250321a8c3..80038d2d56 100644 --- a/src/keycloak/chart/values.schema.json +++ b/src/keycloak/chart/values.schema.json @@ -15,6 +15,12 @@ "pathParameterProtection": { "type": "boolean" }, + "additionalNetworkAllow": { + "type": "array", + "items": { + "type": "object" + } + }, "autoscaling": { "type": "object", "properties": { diff --git a/src/keycloak/chart/values.yaml b/src/keycloak/chart/values.yaml index 104dd28e54..137a7c7763 100644 --- a/src/keycloak/chart/values.yaml +++ b/src/keycloak/chart/values.yaml @@ -58,6 +58,16 @@ insecureAdminPasswordGeneration: enabled: false username: admin +# Support for custom `network.allow` entries on the Package CR, useful for extra datasources +additionalNetworkAllow: [] +# ref: https://uds.defenseunicorns.com/reference/configuration/custom-resources/packages-v1alpha1-cr/#allow +# - direction: Egress +# selector: +# app.kubernetes.io/name: keycloak +# remoteCidr: 72.123.123.123 +# description: "IDP" +# port: 443 + # Indicates whether information about services should be injected into Pod's environment variables, matching the syntax of Docker links enableServiceLinks: true 
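Review bot: In the src/keycloak/chart/templates/uds-package.yaml hunk the render line `{{ toYaml . | nindent 6 }}` opens with `{{` rather than `{{-`, so the template line's own newline and leading spaces survive ahead of the `nindent` output and leave a whitespace-only line in the rendered manifest; the conventional form is `{{- toYaml . | nindent 6 }}`, and the identical block in src/loki/chart/templates/uds-package.yaml has the same shape. The indent of 6 has to match the `allow:` entries of the enclosing `network` block, which starts outside this hunk (the visible context is only `- 57800` and `{{- end }}`), so it is worth confirming with a rendered `helm template` that the injected entries land inside `spec.network.allow` rather than as a sibling key. The entries are emitted verbatim, so a comment above the `with` such as `# Rendered unchanged into spec.network.allow; this chart does not validate the entries` would tell the next maintainer where a malformed override will fail.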
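Review bot: The new `additionalNetworkAllow` schema in src/keycloak/chart/values.schema.json accepts any object as an item, so a misspelled key such as `remoteCIDR` or an entry with no `direction` passes chart validation and only surfaces later, presumably when the Package CR is applied. Because each entry widens Keycloak's network policy directly, tightening it at the values layer is cheap: at minimum `"required": ["direction"]` with `"direction": {"type": "string", "enum": ["Ingress", "Egress"]}`, confirming the enum against the Package CR `allow` spec that the docs link to, and `"additionalProperties": false` over that spec's field names would catch typos before they reach the cluster.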
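Review bot: The comment `# Support for custom `network.allow` entries on the Package CR, useful for extra datasources` in src/keycloak/chart/values.yaml reads as copied from another chart; Keycloak has no datasources, and the use case this commit documents is an external IdP, so `useful for reaching an external IdP or similar service` would fit. The commented example uses `72.123.123.123`, a routable public address; documentation examples should use an RFC 5737 range such as `203.0.113.10`, and if the CR expects CIDR notation a `/32` suffix would make the intent explicit (the docs hunks use the same value). The example also sits directly below `additionalNetworkAllow: []`, so uncommenting it as-is produces invalid YAML; a lead-in like `# To enable, replace [] with a list such as:` avoids that. The same three points apply to the matching hunk in src/loki/chart/values.yaml.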
diff --git a/src/loki/chart/templates/uds-package.yaml b/src/loki/chart/templates/uds-package.yaml index 80b87d8eb7..55b2ecd061 100644 --- a/src/loki/chart/templates/uds-package.yaml +++ b/src/loki/chart/templates/uds-package.yaml @@ -59,3 +59,8 @@ spec: {{- else }} remoteGenerated: Anywhere {{- end }} + + # Custom rules for additional networking access + {{- with .Values.additionalNetworkAllow }} + {{ toYaml . | nindent 6 }} + {{- end }} diff --git a/src/loki/chart/values.yaml b/src/loki/chart/values.yaml index bc95dc29c8..2707feb850 100644 --- a/src/loki/chart/values.yaml +++ b/src/loki/chart/values.yaml @@ -9,3 +9,13 @@ storage: egressCidr: "" dashboardAnnotations: {} + +# Support for custom `network.allow` entries on the Package CR, useful for extra datasources +additionalNetworkAllow: [] +# ref: https://uds.defenseunicorns.com/reference/configuration/custom-resources/packages-v1alpha1-cr/#allow +# - direction: Egress +# selector: +# app.kubernetes.io/name: loki +# remoteCidr: 72.123.123.123 +# description: "Cache" +# port: 6379