diff --git a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-remote-node.yaml b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-remote-node.yaml
new file mode 100644
index 00000000..7bb26906
--- /dev/null
+++ b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-remote-node.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-remote-node
+ namespace: spegel
+spec:
+ endpointSelector:
+ matchLabels: {}
+ ingress:
+ - fromEntities:
+ - kube-apiserver
+ - remote-node
+ toPorts:
+ - ports:
+ - port: "5000"
+ protocol: TCP
+{{- end}}
diff --git a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-world.yaml b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-world.yaml
new file mode 100644
index 00000000..2682f0b6
--- /dev/null
+++ b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-world.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-world-dns
+ namespace: spegel
+spec:
+ description: Allow DNS world
+ egress:
+ - toPorts:
+ - ports:
+ - port: "5001"
+ protocol: TCP
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/name: spegel
+{{- end }}
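Review bot: `endpointSelector` with `matchLabels: {}` makes this ingress rule apply to every endpoint in the `spegel` namespace, whereas the companion egress policy in this commit selects `app.kubernetes.io/name: spegel`. Scoping this policy the same way, with `app.kubernetes.io/name: spegel` under `matchLabels:`, keeps port 5000 from being opened on any other pod that is later scheduled into the namespace. It is also worth confirming that `kube-apiserver` needs to reach port 5000 at all; if only peer nodes connect to it, `remote-node` alone is the narrower grant. A `description:` such as the second policy carries would help auditors, and `{{- end}}` should read `{{- end }}` to match the other file.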
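Review bot: The policy is named `allow-world-dns` and described as `Allow DNS world`, but the rule it adds is egress on TCP `5001` with no DNS port and no destination, so the name will mislead anyone auditing the namespace's policies. Rename it and correct the description to state what it permits, for example `name: allow-egress-5001` and `description: Allow spegel egress on TCP 5001`. Because the rule appears to carry `toPorts` only, it likely allows port 5001 to any destination; if the intended peers are other cluster nodes, adding `toEntities:` with `- remote-node` to the same rule would narrow it. The indentation is flattened in this view, so the exact nesting should be confirmed against the rendered manifest.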