diff --git a/infrastructure/monitoring/networkpolicy.yaml b/infrastructure/monitoring/networkpolicy.yaml
index 460c09edfe8295aae0dc88d3f1ca9f4c8f1ad374..a89cc85a0c5c58be61fbf51ded9e50ca92d42c77 100644
--- a/infrastructure/monitoring/networkpolicy.yaml
+++ b/infrastructure/monitoring/networkpolicy.yaml
@@ -12,3 +12,19 @@ spec:
           - alertmanager
           - grafana
           - prometheus
+---
+apiVersion: projectcalico.org/v3
+kind: NetworkPolicy
+metadata:
+  name: allow-controlplane
+spec:
+  selector: app.kubernetes.io/instance == 'kube-prometheus-stack'
+  ingress:
+  - action: Allow
+    protocol: TCP
+    source:
+      selector: has(node-role.kubernetes.io/control-plane)
+      namespaceSelector: global()
+    destination:
+      ports:
+      - 10250
\ No newline at end of file