diff --git a/cinny/Chart.yaml b/cinny/Chart.yaml
index 578a233..63b5b09 100644
--- a/cinny/Chart.yaml
+++ b/cinny/Chart.yaml
@@ -3,7 +3,7 @@ name: cinny
 description: A Helm Chart to install cinny (yet another matrix client)
 icon: https://cinny.in/assets/favicon-48x48.png
 type: application
-version: "0.1.0"
+version: "0.2.0"
 # renovate: image=ghcr.io/cinnyapp/cinny
 appVersion: "4.6.0"
 maintainers:
diff --git a/cinny/README.md b/cinny/README.md
index 18198cb..3e1df63 100644
--- a/cinny/README.md
+++ b/cinny/README.md
@@ -7,7 +7,7 @@ description: "A Helm Chart to install cinny (yet another matrix client)"
 
 # cinny
 
-![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.6.0](https://img.shields.io/badge/AppVersion-4.6.0-informational?style=flat-square)
+![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.6.0](https://img.shields.io/badge/AppVersion-4.6.0-informational?style=flat-square)
 
 A Helm Chart to install cinny (yet another matrix client)
 
@@ -91,6 +91,10 @@ helm uninstall cinny-release
 | ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` |  |
 | ingress.tls | list | `[]` |  |
 | nameOverride | string | `""` |  |
+| networkPolicy.egress.enabled | bool | `true` | activate egress no networkpolicy |
+| networkPolicy.egress.extra | list | `[]` | egress rules |
+| networkPolicy.enabled | bool | `false` |  |
+| networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. ingress-controller) |
 | nodeSelector | object | `{}` |  |
 | podAnnotations | object | `{}` |  |
 | podLabels | object | `{}` |  |
diff --git a/cinny/templates/networkpolicy.yaml b/cinny/templates/networkpolicy.yaml
new file mode 100644
index 0000000..440438d
--- /dev/null
+++ b/cinny/templates/networkpolicy.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.networkPolicy.enabled }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ include "cinny.fullname" . }}
+  labels:
+    {{- include "cinny.labels" . | nindent 4 }}
+spec:
+  podSelector:
+    matchLabels:
+      {{- include "cinny.selectorLabels" . | nindent 6 }}
+  policyTypes:
+    - Ingress
+    {{- if .Values.networkPolicy.egress.enabled }}
+    - Egress
+    {{- end }}
+  ingress:
+    - ports:
+        - port: {{ .Values.service.port }}
+          protocol: TCP
+      from:
+        {{- toYaml .Values.networkPolicy.ingress.http | nindent 8 }}
+  {{- with .Values.networkPolicy.egress }}
+  egress:
+    {{- toYaml .extra | nindent 4 }}
+  {{- end }}
+{{- end }}
+
diff --git a/cinny/values.yaml b/cinny/values.yaml
index aaf88b5..2b6af42 100644
--- a/cinny/values.yaml
+++ b/cinny/values.yaml
@@ -85,6 +85,17 @@ service:
   type: ClusterIP
   port: 8080
 
+networkPolicy:
+  enabled: false
+  ingress:
+    # -- ingress for http port (e.g. ingress-controller)
+    http: []
+  egress:
+    # -- activate egress no networkpolicy
+    enabled: true
+    # -- egress rules
+    extra: []
+
 ingress:
   enabled: false
   className: ""