diff --git a/config/network-policy/allow-network-traffic.yaml b/config/network-policy/allow-network-traffic.yaml
new file mode 100644
index 00000000..e59c0c83
--- /dev/null
+++ b/config/network-policy/allow-network-traffic.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-egress-api
+ namespace: system
+spec:
+ podSelector:
+ matchLabels:
+ app: external-secrets-operator
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - ports:
+ - protocol: TCP
+ port: 6443 # Required: Kubernetes API server
+ ingress:
+ # Optional: expose metrics (8443 and 8080 based on user configuration)
+ - ports:
+ - protocol: TCP
+ port: 8443
+ - ports:
+ - protocol: TCP
+ port: 8080
\ No newline at end of file
diff --git a/config/network-policy/deny-all.yaml b/config/network-policy/deny-all.yaml
new file mode 100644
index 00000000..194784e9
--- /dev/null
+++ b/config/network-policy/deny-all.yaml
@@ -0,0 +1,16 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ app: external-secrets-operator
+ app.kubernetes.io/name: external-secrets-operator
+ app.kubernetes.io/managed-by: kustomize
+ name: deny-all-traffic
+ namespace: system
+spec:
+ podSelector:
+ matchLabels:
+ app: external-secrets-operator
+ policyTypes:
+ - Ingress
+ - Egress
\ No newline at end of file
diff --git a/config/network-policy/kustomization.yaml b/config/network-policy/kustomization.yaml
index ec0fb5e5..696becbc 100644
--- a/config/network-policy/kustomization.yaml
+++ b/config/network-policy/kustomization.yaml
@@ -1,2 +1,4 @@
 resources:
 - allow-metrics-traffic.yaml
+- allow-network-traffic.yaml
+- deny-all.yaml
\ No newline at end of file
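Review bot: The egress section permits only TCP/6443, so once deny-all.yaml is in force the operator pod can no longer reach cluster DNS (53/UDP and 53/TCP) and, presumably, the external secret-store endpoints it exists to talk to — every name lookup and provider call would be silently dropped; which provider ports are needed is not visible here and should be confirmed before merging. Port 6443 is also only one common API-server port (several managed clusters expose it on 443), so the `# Required: Kubernetes API server` comment should say the value is cluster-dependent rather than fixed. None of the rules carry a `to:`/`from:` selector, so 6443 is allowed to any destination and the metrics ports 8443/8080 are reachable from any source; if metrics are scraped only in-cluster, a `from:` namespaceSelector/podSelector on the ingress rules would narrow that. Suggested DNS rule below, written in the file's existing no-selector style; restricting it to the kube-dns pods is an optional tightening.
```yaml
  egress:
  - ports:
    - protocol: TCP
      port: 6443 # Required: Kubernetes API server (443 on some managed clusters)
  # Required: cluster DNS; without this the deny-all policy blocks every
  # name lookup, including the secret-provider endpoints
  - ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
  # … unchanged: ingress metrics rules …
```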
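Review bot: `deny-all-traffic` only takes effect if `app: external-secrets-operator` actually matches the operator Deployment's pod template labels and the cluster CNI enforces NetworkPolicy; with a label mismatch or a CNI that ignores the resource the object is accepted and enforces nothing, and nothing in this file tells a reader that. A header comment such as `# Default-deny for the operator pod: requires a NetworkPolicy-capable CNI; the podSelector must match the Deployment's pod labels, and allow-network-traffic.yaml supplies the permitted traffic (policies are additive)` would make both the precondition and the pairing explicit. The sibling allow policy in this commit has no metadata labels while this one carries three; aligning them keeps `kubectl get netpol -l app=external-secrets-operator` returning the pair together.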
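Review bot: The resource list now includes both allow-metrics-traffic.yaml and allow-network-traffic.yaml, and the latter also opens ingress on 8443 and 8080, so the metrics allowance appears to be declared twice (allow-metrics-traffic.yaml is not in this diff, so this is inferred from its name and should be checked). Duplicate allow rules are harmless to the CNI but drift apart over time; either drop the ingress section from allow-network-traffic.yaml or retire the older file. All three files in this commit also lack a trailing newline (`\ No newline at end of file`), which most YAML linters flag.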