diff --git a/charts/chainlink-cluster/templates/chainlink-db-networkpolicy.yaml b/charts/chainlink-cluster/templates/chainlink-db-networkpolicy.yaml
new file mode 100644
index 00000000000..bd989e8732b
--- /dev/null
+++ b/charts/chainlink-cluster/templates/chainlink-db-networkpolicy.yaml
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ $.Release.Name }}-db
+spec:
+ podSelector:
+ matchLabels:
+ app: {{ $.Release.Name }}-db
+ policyTypes:
+ - Ingress
+ ingress:
+ # Allow all node pods to access the database pods.
+ - from:
+ - podSelector:
+ matchLabels:
+ app: {{ $.Release.Name }}
+ ports:
+ - protocol: TCP
+ port: 5432
+ # Allow all runner pods to access the database pods.
+ - from:
+ - podSelector:
+ matchLabels:
+ app: runner
+ ports:
+ - protocol: TCP
+ port: 5432
diff --git a/charts/chainlink-cluster/templates/chainlink-node-networkpolicy.yaml b/charts/chainlink-cluster/templates/chainlink-node-networkpolicy.yaml
new file mode 100644
index 00000000000..8ae02d7a46e
--- /dev/null
+++ b/charts/chainlink-cluster/templates/chainlink-node-networkpolicy.yaml
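Review bot: The two ingress rules in this hunk differ only in their `from` peer and repeat the same `ports` stanza; peers listed under one `from` are ORed, so a single rule with both pod selectors expresses exactly the same policy in half the lines. The geth and mockserver policies in the following hunks have the same duplicated shape and could be collapsed the same way. A short comment above `ingress:` noting that a `podSelector` peer without a `namespaceSelector` only matches pods in the release's own namespace would also help, since the `app: runner` rule is a no-op unless the runner pods are co-located.
```yaml
  ingress:
    # Allow the node pods and the runner pods to reach PostgreSQL.
    # Peers in one `from` list are ORed; both must be in this namespace.
    - from:
        - podSelector:
            matchLabels:
              app: {{ $.Release.Name }}
        - podSelector:
            matchLabels:
              app: runner
      ports:
        - protocol: TCP
          port: 5432
```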
@@ -0,0 +1,57 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ $.Release.Name }}-node
+spec:
+ podSelector:
+ matchLabels:
+ app: {{ $.Release.Name }}
+ policyTypes:
+ - Ingress
+ - Egress
+ ingress:
+ # Allow all ingress traffic between the node pods and from runner pod.
+ - from:
+ - podSelector:
+ matchLabels:
+ app: {{ $.Release.Name }}
+ - from:
+ - podSelector:
+ matchLabels:
+ app: runner
+ egress:
+ # Allow all egress traffic between the node pods and to runner pod.
+ - to:
+ - podSelector:
+ matchLabels:
+ app: {{ $.Release.Name }}
+ - to:
+ - podSelector:
+ matchLabels:
+ app: runner
+ # Allow all node pods to access the database pods.
+ - to:
+ - podSelector:
+ matchLabels:
+ app: {{ $.Release.Name }}-db
+ ports:
+ - protocol: TCP
+ port: 5432
+ # Allow all node pods to access the geth pods.
+ - to:
+ - podSelector:
+ matchLabels:
+ app: geth
+ ports:
+ - protocol: TCP
+ port: 8544
+ - protocol: TCP
+ port: 8546
+ # Allow all node pods to access the mockserver pods.
+ - to:
+ - podSelector:
+ matchLabels:
+ app: mockserver
+ ports:
+ - protocol: TCP
+ port: 1080
diff --git a/charts/chainlink-cluster/templates/geth-networkpolicy.yaml b/charts/chainlink-cluster/templates/geth-networkpolicy.yaml
new file mode 100644
index 00000000000..87d6ac1c535
--- /dev/null
+++ b/charts/chainlink-cluster/templates/geth-networkpolicy.yaml
@@ -0,0 +1,31 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ $.Release.Name }}-geth
+spec:
+ podSelector:
+ matchLabels:
+ app: geth
+ policyTypes:
+ - Ingress
+ ingress:
+ # Allow http and websocket connections from the node pods.
+ - from:
+ - podSelector:
+ matchLabels:
+ app: {{ $.Release.Name }}
+ ports:
+ - protocol: TCP
+ port: 8544
+ - protocol: TCP
+ port: 8546
+ # Allow http and websocket connections from the runner pods.
+ - from:
+ - podSelector:
+ matchLabels:
+ app: runner
+ ports:
+ - protocol: TCP
+ port: 8544
+ - protocol: TCP
+ port: 8546
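Review bot: The node policy lists `Egress` in `policyTypes` but none of its `egress` rules permits DNS, and the `default-deny-all` policy in the last hunk denies egress for every pod in the namespace, so node pods will be unable to resolve the `-db`, geth and mockserver service names and the carefully scoped port rules below are effectively unreachable unless the pods connect by IP. An egress rule to the cluster DNS pods on UDP/TCP 53 is needed; the selector labels below are a constructed example and must be matched to the cluster's DNS deployment. The same default-deny also covers the `app: runner` pods this policy admits, and no policy in this change grants them any egress, so if they run in this namespace they will need their own rule. Adding a comment above `egress:` stating that only the listed destinations are reachable and that DNS is deliberately included would make the intent explicit for the next reader.
```yaml
  egress:
    # Allow name resolution; the service names used by the rules below
    # cannot be resolved without it once default-deny applies.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system  # constructed example, match your DNS namespace
          podSelector:
            matchLabels:
              k8s-app: kube-dns  # constructed example, match your DNS pod labels
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # … unchanged: node-to-node, runner, db, geth and mockserver egress rules …
```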
diff --git a/charts/chainlink-cluster/templates/mockserver-networkpolicy.yaml b/charts/chainlink-cluster/templates/mockserver-networkpolicy.yaml
new file mode 100644
index 00000000000..f5c56c79690
--- /dev/null
+++ b/charts/chainlink-cluster/templates/mockserver-networkpolicy.yaml
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ $.Release.Name }}-mockserver
+spec:
+ podSelector:
+ matchLabels:
+ app: mockserver
+ policyTypes:
+ - Ingress
+ ingress:
+ # Allow http traffic from the node pods.
+ - from:
+ - podSelector:
+ matchLabels:
+ app: {{ $.Release.Name }}
+ ports:
+ - protocol: TCP
+ port: 1080
+ # Allow http traffic from the runner pods.
+ - from:
+ - podSelector:
+ matchLabels:
+ app: runner
+ ports:
+ - protocol: TCP
+ port: 1080
diff --git a/charts/chainlink-cluster/templates/networkpolicy-default-deny.yaml b/charts/chainlink-cluster/templates/networkpolicy-default-deny.yaml
new file mode 100644
index 00000000000..69f1da2e0b5
--- /dev/null
+++ b/charts/chainlink-cluster/templates/networkpolicy-default-deny.yaml
@@ -0,0 +1,9 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-deny-all
+spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - Egress
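Review bot: `metadata.name: default-deny-all` is the only resource name in this change not prefixed with the release name, so installing a second release of this chart into the same namespace would attempt to create a NetworkPolicy with an identical name and Helm will, as far as I can tell, refuse it as owned by another release; `name: {{ $.Release.Name }}-default-deny-all` keeps it per-release like the other templates. The file also deserves a short header comment above `podSelector: {}` explaining that the empty selector matches every pod in the namespace and that the other NetworkPolicy templates in this chart exist to carve allowed paths out of this deny, since a reader of this nine-line file alone cannot tell that the two policy types are meant to be restored elsewhere.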