diff --git a/helmfile/cloud-sdk/charts/github-actions-network-policies/templates/egress-allow-internet.yaml b/helmfile/cloud-sdk/charts/github-actions-network-policies/templates/egress-allow-internet.yaml
index 3d5dca0..9647e66 100644
--- a/helmfile/cloud-sdk/charts/github-actions-network-policies/templates/egress-allow-internet.yaml
+++ b/helmfile/cloud-sdk/charts/github-actions-network-policies/templates/egress-allow-internet.yaml
@@ -14,4 +14,3 @@ spec:
         except:
         - 10.10.0.0/16
         - 172.20.0.0/16
-
diff --git a/helmfile/cloud-sdk/charts/github-actions-network-policies/templates/egress-allow-kube-api.yaml b/helmfile/cloud-sdk/charts/github-actions-network-policies/templates/egress-allow-kube-api.yaml
new file mode 100644
index 0000000..16a1f72
--- /dev/null
+++ b/helmfile/cloud-sdk/charts/github-actions-network-policies/templates/egress-allow-kube-api.yaml
@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: egress-allow-kube-api
+spec:
+  podSelector:
+    matchLabels: {}
+  policyTypes:
+  - Egress
+  egress:
+  - ports:
+    - port: 443
+      protocol: TCP
+    to:
+    - ipBlock:
+        cidr: 172.20.0.1/32
+    - ipBlock:
+        cidr: 10.10.11.166/32
+    - ipBlock:
+        cidr: 10.10.12.140/32