diff --git a/values/cert-manager/manifests/policies/allow-remote-node-webhook.yaml b/values/cert-manager/manifests/policies/allow-remote-node-webhook.yaml
new file mode 100644
index 00000000..2a8bac65
--- /dev/null
+++ b/values/cert-manager/manifests/policies/allow-remote-node-webhook.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-remote-node-webhooks
+  namespace: cert-manager
+spec:
+  endpointSelector:
+    matchLabels: {}
+  ingress:
+  - fromEntities:
+    - kube-apiserver
+    - remote-node
+  - toPorts:
+    - ports:
+      - port: "8443"
+        protocol: TCP
+{{- end }}