diff --git a/values/kyverno/manifests/kyverno-generate-cilium-network-policies.yaml b/values/kyverno/manifests/kyverno-generate-cilium-network-policies.yaml
new file mode 100644
index 00000000..e7ae547a
--- /dev/null
+++ b/values/kyverno/manifests/kyverno-generate-cilium-network-policies.yaml
@@ -0,0 +1,29 @@
+{{- if and (.Values.kyverno.enabled) (.Values.clusterConfig.cilium.enabled) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kyverno:generate-cilium-networkpolicies
+rules:
+- apiGroups:
+ - cilium.io
+ resources:
+ - ciliumnetworkpolicies
+ verbs:
+ - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kyverno:generate-cilium-networkpolicies
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kyverno:generate-cilium-networkpolicies
+subjects:
+- kind: ServiceAccount
+ name: kyverno
+ namespace: kyverno
+- kind: ServiceAccount
+ name: kyverno-background-controller
+ namespace: kyverno
+{{- end }}
diff --git a/values/kyverno/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml b/values/kyverno/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml
index d52ee5c9..62ea828c 100644
--- a/values/kyverno/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml
+++ b/values/kyverno/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -13,3 +14,4 @@ spec:
 protocol: TCP
 endpointSelector:
 matchLabels: {}
+{{- end }}
diff --git a/values/kyverno/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml b/values/kyverno/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
index f547d4a5..62206e13 100644
--- a/values/kyverno/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
+++ b/values/kyverno/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
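Review bot: The ClusterRole in the new file grants `verbs: - "*"` on ciliumnetworkpolicies cluster-wide to both the `kyverno` and `kyverno-background-controller` service accounts, which is broader than a generate rule needs and would also cover any verb added to the API in future. Enumerate the verbs the generate path actually uses instead, e.g. `verbs: [create, update, delete, get, list, watch]`, and confirm the exact set against the Kyverno version this chart deploys. The binding also hard-codes `namespace: kyverno` for both subjects; if this file is rendered by Helm, `namespace: {{ .Release.Namespace }}` would keep the subjects valid when the release is installed elsewhere, whereas today a mismatch silently yields a binding to non-existent accounts. A short comment above `rules:` stating which Kyverno policy (and which controller) relies on this role would help the next maintainer judge whether it is still needed.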
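Review bot: The guard added around this policy is `{{- if .Values.clusterConfig.cilium.enabled }}` alone, while the RBAC file added in the same commit gates on `and (.Values.kyverno.enabled) (.Values.clusterConfig.cilium.enabled)`; if `kyverno.enabled` can be false while this directory still renders, the CiliumNetworkPolicies would be created for a Kyverno that is not deployed. Either align the two conditions or add a one-line comment above the `{{- if` explaining why the policies are independent of the Kyverno toggle. The same guard is added identically in CiliumNetworkPolicy-allow-prometheus-metrics.yaml and CiliumNetworkPolicy-allow-remote-node-to-kyverno.yaml, so whichever choice is made should be applied to all three. The policy spec between the two hunks is outside the hunk and was not reviewed here.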
@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -15,3 +16,4 @@ spec:
 - ports:
 - port: "8000"
 protocol: TCP
+{{- end }}
diff --git a/values/kyverno/manifests/policies/CiliumNetworkPolicy-allow-remote-node-to-kyverno.yaml b/values/kyverno/manifests/policies/CiliumNetworkPolicy-allow-remote-node-to-kyverno.yaml
index 5087fa86..86b4ab47 100644
--- a/values/kyverno/manifests/policies/CiliumNetworkPolicy-allow-remote-node-to-kyverno.yaml
+++ b/values/kyverno/manifests/policies/CiliumNetworkPolicy-allow-remote-node-to-kyverno.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
@@ -10,3 +11,4 @@ spec:
 ingress:
 - fromEntities:
 - remote-node
+{{- end }}