diff --git a/k8s-peterg/renovate-operator/policies.yaml b/k8s-peterg/renovate-operator/policies.yaml
index 2516fa9..e7c6c9a 100644
--- a/k8s-peterg/renovate-operator/policies.yaml
+++ b/k8s-peterg/renovate-operator/policies.yaml
@@ -15,3 +15,23 @@ spec:
               - 10.0.0.0/8
               - 192.168.0.0/16
               - 172.16.0.0/12
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: kubernetes-egress
+spec:
+  podSelector: {}
+  policyTypes:
+    - Egress
+  egress:
+    - to:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: kube-system
+        - podSelector:
+            matchLabels:
+              k8s-app: kube-apiserver
+    - ports:
+        - protocol: TCP
+          port: 6443