diff --git a/config/base/common/kustomization.yaml b/config/base/common/kustomization.yaml
index c313b5408..be904a9ab 100644
--- a/config/base/common/kustomization.yaml
+++ b/config/base/common/kustomization.yaml
@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - namespace.yaml
+- network_policy.yaml
diff --git a/config/base/common/network_policy.yaml b/config/base/common/network_policy.yaml
new file mode 100644
index 000000000..86d352975
--- /dev/null
+++ b/config/base/common/network_policy.yaml
@@ -0,0 +1,11 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: default-deny-all-traffic
+  namespace: system
+spec:
+  podSelector: { }
+  policyTypes:
+    - Ingress
+    - Egress
+