diff --git a/deploy/chart/templates/0000_50_olm_01-networkpolicies.yaml b/deploy/chart/templates/0000_50_olm_01-networkpolicies.yaml
new file mode 100644
index 0000000000..8a389d93a4
--- /dev/null
+++ b/deploy/chart/templates/0000_50_olm_01-networkpolicies.yaml
@@ -0,0 +1,86 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: default-deny-all-traffic
+  namespace: {{ .Values.namespace }}
+spec:
+  podSelector: { }
+  policyTypes:
+    - Ingress
+    - Egress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: olm-operator
+  namespace: {{ .Values.namespace }}
+spec:
+  podSelector:
+    matchLabels:
+      app: olm-operator
+  ingress:
+    - {{ .Values.networkPolicy.metrics | toYaml | nindent 6 | trimSuffix "\n" }}
+  egress:
+    - {{ .Values.networkPolicy.kubeAPIServer | toYaml | nindent 6 | trimSuffix "\n" }}
+    - {{ .Values.networkPolicy.dns | toYaml | nindent 6 | trimSuffix "\n" }}
+  policyTypes:
+    - Ingress
+    - Egress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: catalog-operator
+  namespace: {{ .Values.namespace }}
+spec:
+  podSelector:
+    matchLabels:
+      app: catalog-operator
+  ingress:
+    - {{ .Values.networkPolicy.metrics | toYaml | nindent 6 | trimSuffix "\n" }}
+  egress:
+    - {{ .Values.networkPolicy.kubeAPIServer | toYaml | nindent 6 | trimSuffix "\n" }}
+    - {{ .Values.networkPolicy.dns | toYaml | nindent 6 | trimSuffix "\n" }}
+    - ports: # This is another distinct rule in the egress list
+        - protocol: TCP
+          port: {{ .Values.catalogGrpcPodPort }}
+  policyTypes:
+    - Ingress
+    - Egress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: packageserver
+  namespace: {{ .Values.namespace }}
+spec:
+  podSelector:
+    matchLabels:
+      app: packageserver
+  ingress:
+    - ports:
+        - protocol: TCP
+          port: {{ .Values.package.service.internalPort }}
+  egress:
+    - {{ .Values.networkPolicy.dns | toYaml | nindent 6 | trimSuffix "\n" }}
+    - ports:
+        - protocol: TCP
+          port: {{ .Values.catalogGrpcPodPort }}
+  policyTypes:
+    - Ingress
+    - Egress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: default-allow-all
+  namespace: {{ .Values.operator_namespace }}
+spec:
+  podSelector: { }
+  policyTypes:
+    - Ingress
+    - Egress
+  ingress:
+    - { }
+  egress:
+    - { }
diff --git a/deploy/chart/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml b/deploy/chart/templates/0000_50_olm_02-olm-operator.serviceaccount.yaml
similarity index 100%
rename from deploy/chart/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml
rename to deploy/chart/templates/0000_50_olm_02-olm-operator.serviceaccount.yaml
diff --git a/deploy/chart/templates/0000_50_olm_02-olmconfig.yaml b/deploy/chart/templates/0000_50_olm_03-olmconfig.yaml
similarity index 100%
rename from deploy/chart/templates/0000_50_olm_02-olmconfig.yaml
rename to deploy/chart/templates/0000_50_olm_03-olmconfig.yaml
diff --git a/deploy/chart/templates/0000_50_olm_02-services.yaml b/deploy/chart/templates/0000_50_olm_03-services.yaml
similarity index 100%
rename from deploy/chart/templates/0000_50_olm_02-services.yaml
rename to deploy/chart/templates/0000_50_olm_03-services.yaml
diff --git a/deploy/chart/values.yaml b/deploy/chart/values.yaml
index ffb5891842..4e4ee726b8 100644
--- a/deploy/chart/values.yaml
+++ b/deploy/chart/values.yaml
@@ -19,6 +19,8 @@ writeStatusName: '""'
 imagestream: false
 debug: false
 installType: upstream
+catalogGrpcPodPort: 50051
+
 olm:
   replicaCount: 1
   image:
@@ -75,3 +77,19 @@ package:
 monitoring:
   enabled: false
   namespace: monitoring
+
+networkPolicy:
+  dns:
+    ports:
+      - protocol: TCP
+        port: 53
+      - protocol: UDP
+        port: 53
+  kubeAPIServer:
+    ports:
+      - protocol: TCP
+        port: 6443
+  metrics:
+    ports:
+      - protocol: TCP
+        port: metrics
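Review bot: The `packageserver` policy has no egress rule for the kube-apiserver, so once `default-deny-all-traffic` takes effect in `{{ .Values.namespace }}` that pod can only reach DNS and TCP/`catalogGrpcPodPort`; packageserver is an aggregated API server and, as far as I can tell, watches CatalogSource objects and delegates authn/authz (TokenReview/SubjectAccessReview) through the API, all of which this default-deny would drop unless the CNI exempts API-server traffic. Adding `    - {{ .Values.networkPolicy.kubeAPIServer | toYaml | nindent 6 | trimSuffix "\n" }}` to its `egress:` list, mirroring olm-operator and catalog-operator, closes that gap. Separately, none of the egress rules carry a `to:` selector, so the 6443, 53 and gRPC rules permit those ports to any destination; that is a defensible first cut, but a short comment on the first such rule (`# port-only rule: no destination selector, allows this port to any peer`) would keep readers from assuming they are destination-scoped. Finally, if CatalogSource pods are scheduled into this same namespace (upstream's default `operatorhubio-catalog` is), the default-deny will also block their gRPC ingress unless something outside this diff creates a per-catalog allow policy.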
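Review bot: `networkPolicy.kubeAPIServer.ports` pins the API server to TCP/6443, which is the kubeadm default but not universal; clusters that serve the API on 443 or a custom secure port will have every OLM-to-API call silently dropped by the new default-deny policy, and because most CNIs evaluate egress policy against the post-DNAT endpoint port rather than the `kubernetes` Service port, the mismatch is easy to miss. A comment on the key would tell operators what to tune: `# Port the kube-apiserver endpoints actually listen on (post-DNAT target of the kubernetes Service); set to 443 on clusters that expose the API there.` The `dns` and `kubeAPIServer` entries also define only `ports:` with no `to:` selector, so they allow those ports to any destination; a one-line comment stating that would avoid readers treating them as destination-scoped rules.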