diff --git a/CHANGELOG.md b/CHANGELOG.md
index 04490e9..282883b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project's packages adheres to [Semantic Versioning](http://semver.org/s
 ## [Unreleased]
+### Added
+
+- Add `CiliumNetworkPolicy`.
+
 ## [1.2.1] - 2023-06-27
 ### Fixed
diff --git a/helm/sloth/templates/cilium-network-policy.yaml b/helm/sloth/templates/cilium-network-policy.yaml
new file mode 100644
index 0000000..efb077f
--- /dev/null
+++ b/helm/sloth/templates/cilium-network-policy.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.ciliumNetworkPolicy.enabled -}}
+apiVersion: "cilium.io/v2"
+kind: CiliumNetworkPolicy
+metadata:
+ labels:
+ {{- include "sloth.labels" . | nindent 4 }}
+ name: {{ include "sloth.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ endpointSelector:
+ matchLabels:
+ {{- include "sloth.selectorLabels" . | nindent 6 }}
+ egress:
+ - toEntities:
+ - kube-apiserver
+{{- end -}}
diff --git a/helm/sloth/values.schema.json b/helm/sloth/values.schema.json
index ee78dcc..ba79502 100644
--- a/helm/sloth/values.schema.json
+++ b/helm/sloth/values.schema.json
@@ -2,6 +2,14 @@
 "$schema": "http://json-schema.org/schema#",
 "type": "object",
 "properties": {
+ "ciliumNetworkPolicy": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
 "commonPlugins": {
 "type": "object",
 "properties": {
diff --git a/helm/sloth/values.yaml b/helm/sloth/values.yaml
index f6836fb..514bd83 100644
--- a/helm/sloth/values.yaml
+++ b/helm/sloth/values.yaml
@@ -5,6 +5,9 @@ image:
 repository: giantswarm/sloth
 tag: v0.11.0
+ciliumNetworkPolicy:
+ enabled: true
+
 # -- Container resources: requests and limits for CPU, Memory
 resources:
 limits:
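Review bot: In `helm/sloth/templates/cilium-network-policy.yaml` the spec carries an `egress` section but no `ingress` section, so this policy restricts only outbound traffic from the selected pods; inbound traffic stays as open as it was unless another policy covers it. Once an egress rule selects an endpoint, Cilium enforces default-deny for that direction, so the pods can reach only `kube-apiserver` and nothing else, DNS included. That is presumably the intent for a controller that only talks to the API server, but it deserves a comment above `egress:`, for example `# egress becomes default-deny for these pods; only the API server is reachable (no DNS)`. If the metrics endpoint is meant to be reachable only by the scraper, an `ingress` rule would be needed as well; confirm whether that is deliberately out of scope.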
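Review bot: In `helm/sloth/values.yaml`, `ciliumNetworkPolicy.enabled` defaults to `true` while the template guard tests only that value, so installing the chart on a cluster without the Cilium CRDs would likely fail on the unknown kind. Keeping the secure default but also checking the API keeps the install working there: `{{- if and .Values.ciliumNetworkPolicy.enabled (.Capabilities.APIVersions.Has "cilium.io/v2") -}}`. Where the policy is skipped the pods run without the egress restriction, so that fallback should be a documented choice. The new key also lacks the `# -- ` description comment the neighbouring `resources` key has, e.g. `# -- Create a CiliumNetworkPolicy limiting egress to the Kubernetes API server`.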