diff --git a/manifests/policies/allow-scraping.yaml b/manifests/policies/allow-scraping.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..0daf25a191feca7f658404389c78f0cbe4e69bb8
--- /dev/null
+++ b/manifests/policies/allow-scraping.yaml
@@ -0,0 +1,14 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-scraping
+spec:
+  policyTypes:
+    - Ingress
+  ingress:
+    - from:
+        - namespaceSelector: {}
+      ports:
+        - protocol: TCP
+          port: 8080
+  podSelector: {}
diff --git a/manifests/policies/allow-webhooks.yaml b/manifests/policies/allow-webhooks.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..4f0622d4432ebc139ecbda86c29a47687879d4cc
--- /dev/null
+++ b/manifests/policies/allow-webhooks.yaml
@@ -0,0 +1,13 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-webhooks
+spec:
+  policyTypes:
+    - Ingress
+  ingress:
+    - from:
+        - namespaceSelector: {}
+  podSelector:
+    matchLabels:
+      app: notification-controller
diff --git a/manifests/policies/deny-ingress.yaml b/manifests/policies/deny-ingress.yaml
index 92550512c07576ccc41773ebe78195c385170ed7..5577032b41ac0f4252e1cbac028ce57c9822bbda 100644
--- a/manifests/policies/deny-ingress.yaml
+++ b/manifests/policies/deny-ingress.yaml
@@ -3,9 +3,9 @@ kind: NetworkPolicy
 metadata:
   name: deny-ingress
 spec:
-  podSelector: {}
   policyTypes:
     - Ingress
   ingress:
   - from:
     - podSelector: {}
+  podSelector: {}
diff --git a/manifests/policies/kustomization.yaml b/manifests/policies/kustomization.yaml
index f535811deb4b0bbe5d48e5da9a3f79c6d089b2c0..6884c9166ed64bd2d84a25369a857f268812f4ec 100644
--- a/manifests/policies/kustomization.yaml
+++ b/manifests/policies/kustomization.yaml
@@ -2,3 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - deny-ingress.yaml
+  - allow-scraping.yaml
+  - allow-webhooks.yaml