UNCLASSIFIED - NO CUI

keycloak update to 7.1.7-bb.1

Package Merge Request

Package Changes

https://repo1.dso.mil/big-bang/product/packages/keycloak/-/blob/7.1.7-bb.1/CHANGELOG.md

Package MR

big-bang/product/packages/keycloak!336 (merged)

For Issue

Closes big-bang/product/packages/keycloak#284 (closed)

Upgrade Notices

Keycloak is now leveraging our bb-common integration for network policies and all istio-related resources. Please refer to this blog post for additional information on the integration.

As part of the integration, two new package-level definitions have been created, with their defaults shown below:

      smtp-subnets:
        to:
          - ipBlock:
              cidr: 192.168.0.0/16
          - ipBlock:
              cidr: 172.16.0.0/12
          - ipBlock:
              cidr: 10.0.0.0/8
        ports:
        - port: 587
          protocol: TCP
      ldap-subnets:
        to:
          - ipBlock:
              cidr: 192.168.0.0/16
          - ipBlock:
              cidr: 172.16.0.0/12
          - ipBlock:
              cidr: 10.0.0.0/8
        ports:
        - port: 636
          protocol: TCP

These definitions allow all traffic to any private IP address using the secure version of each protocol, but can be modified to suit a given environment's needs. They are disabled by default, but can easily be enabled by using the following in your values file:

      networkPolicies:
        egress:
          from:
            keycloak:
              to:
                definition:
                  ldap-subnets: true
                  smtp-subnets: true

Edited by Jimmy Bourque
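
To see which mail and directory endpoints the default definitions in the upgrade notice would actually cover before enabling them, the sketch below evaluates egress flows against them. It is an added example, not code from the merge request or from bb-common; it assumes the definitions render as standard Kubernetes NetworkPolicy egress rules (a flow must match one `ipBlock` and one port/protocol entry), and the function names and sample addresses are constructed.

```python
import ipaddress

# Default definitions copied from the upgrade notice.
PRIVATE = ["192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]
DEFINITIONS = {
    "smtp-subnets": {"cidrs": PRIVATE, "ports": [(587, "TCP")]},
    "ldap-subnets": {"cidrs": PRIVATE, "ports": [(636, "TCP")]},
}


def allowed_by(enabled, dest_ip, port, protocol="TCP"):
    """Return the enabled definitions that permit this egress flow.

    Assumed semantics (standard NetworkPolicy): the destination must fall
    inside at least one ipBlock AND match one port/protocol entry.
    """
    ip = ipaddress.ip_address(dest_ip)
    hits = []
    for name in enabled:
        rule = DEFINITIONS[name]
        in_block = any(ip in ipaddress.ip_network(c) for c in rule["cidrs"])
        on_port = (port, protocol.upper()) in rule["ports"]
        if in_block and on_port:
            hits.append(name)
    return hits


def audit(enabled, flows):
    """Map each (ip, port) flow to the definitions that allow it."""
    return {flow: allowed_by(enabled, *flow) for flow in flows}


if __name__ == "__main__":
    # Constructed sample destinations, not taken from any real environment.
    flows = [
        ("10.20.30.40", 636),     # internal LDAPS
        ("10.20.30.40", 389),     # internal plain LDAP: port not listed
        ("172.31.255.254", 587),  # last address inside 172.16.0.0/12
        ("172.32.0.5", 636),      # just outside 172.16.0.0/12
        ("203.0.113.25", 587),    # public relay: not in any ipBlock
        ("192.168.1.10", 465),    # implicit-TLS SMTP: port not listed
    ]
    both = ["ldap-subnets", "smtp-subnets"]
    for flow, hits in audit(both, flows).items():
        print(flow, "->", hits or "not covered by these definitions")
```

An empty result means only that these two definitions do not cover the flow; other network policies in the namespace may still allow it.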
