diff --git a/manifests/policies/allow-scraping.yaml b/manifests/policies/allow-scraping.yaml
new file mode 100644
index 00000000..0daf25a1
--- /dev/null
+++ b/manifests/policies/allow-scraping.yaml
@@ -0,0 +1,14 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-scraping
+spec:
+  policyTypes:
+    - Ingress
+  ingress:
+    - from:
+        - namespaceSelector: {}
+      ports:
+        - protocol: TCP
+          port: 8080
+  podSelector: {}
diff --git a/manifests/policies/allow-webhooks.yaml b/manifests/policies/allow-webhooks.yaml
new file mode 100644
index 00000000..4f0622d4
--- /dev/null
+++ b/manifests/policies/allow-webhooks.yaml
@@ -0,0 +1,13 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-webhooks
+spec:
+  policyTypes:
+    - Ingress
+  ingress:
+    - from:
+        - namespaceSelector: {}
+  podSelector:
+    matchLabels:
+      app: notification-controller
diff --git a/manifests/policies/deny-ingress.yaml b/manifests/policies/deny-ingress.yaml
index 92550512..5577032b 100644
--- a/manifests/policies/deny-ingress.yaml
+++ b/manifests/policies/deny-ingress.yaml
@@ -3,9 +3,9 @@ kind: NetworkPolicy
 metadata:
   name: deny-ingress
 spec:
-  podSelector: {}
   policyTypes:
     - Ingress
   ingress:
   - from:
     - podSelector: {}
+  podSelector: {}
diff --git a/manifests/policies/kustomization.yaml b/manifests/policies/kustomization.yaml
index f535811d..6884c916 100644
--- a/manifests/policies/kustomization.yaml
+++ b/manifests/policies/kustomization.yaml
@@ -2,3 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - deny-ingress.yaml
+  - allow-scraping.yaml
+  - allow-webhooks.yaml