diff --git a/README.adoc b/README.adoc index 4ee1b5e..eefe6f7 100644 --- a/README.adoc +++ b/README.adoc @@ -36,14 +36,14 @@ The following requirements are needed by this module: The following providers are used by this module: +- [[provider_null]] <> (>= 3) + - [[provider_random]] <> (>= 3) - [[provider_argocd]] <> (>= 6) - [[provider_utils]] <> (>= 1) -- [[provider_null]] <> (>= 3) - === Resources The following resources are used by this module: @@ -114,7 +114,7 @@ Description: Override of target revision of the application chart. Type: `string` -Default: `"v7.0.0"` +Default: `"v7.0.1"` ==== [[input_cluster_issuer]] <> @@ -270,6 +270,14 @@ Type: `bool` Default: `false` +==== [[input_enable_network_policies]] <> + +Description: Enable or disable network policy for Thanos components. + +Type: `bool` + +Default: `false` + === Outputs The following outputs are exported: @@ -302,8 +310,8 @@ Description: ID to pass other modules in order to refer to this module as a depe |=== |Name |Version |[[provider_random]] <> |>= 3 -|[[provider_utils]] <> |>= 1 |[[provider_argocd]] <> |>= 6 +|[[provider_utils]] <> |>= 1 |[[provider_null]] <> |>= 3 |=== @@ -365,7 +373,7 @@ Description: ID to pass other modules in order to refer to this module as a depe |[[input_target_revision]] <> |Override of target revision of the application chart. |`string` -|`"v7.0.0"` +|`"v7.0.1"` |no |[[input_cluster_issuer]] <> @@ -513,6 +521,12 @@ object({ |`false` |no +|[[input_enable_network_policies]] <> +|Enable or disable network policy for Thanos components. +|`bool` +|`false` +|no + |=== = Outputs diff --git a/aks/README.adoc b/aks/README.adoc index 8b3d397..afa58bf 100644 --- a/aks/README.adoc +++ b/aks/README.adoc @@ -318,7 +318,7 @@ Description: Override of target revision of the application chart. Type: `string` -Default: `"v7.0.0"` +Default: `"v7.0.1"` ==== [[input_cluster_issuer]] <> 
@@ -474,6 +474,14 @@ Type: `bool` Default: `false` +==== [[input_enable_network_policies]] <> + +Description: Enable or disable network policy for Thanos components. + +Type: `bool` + +Default: `false` + === Outputs The following outputs are exported: @@ -592,7 +600,7 @@ object({ |[[input_target_revision]] <> |Override of target revision of the application chart. |`string` -|`"v7.0.0"` +|`"v7.0.1"` |no |[[input_cluster_issuer]] <> @@ -740,6 +748,12 @@ object({ |`false` |no +|[[input_enable_network_policies]] <> +|Enable or disable network policy for Thanos components. +|`bool` +|`false` +|no + |=== = Outputs diff --git a/aks/main.tf b/aks/main.tf index 7fed679..248f675 100644 --- a/aks/main.tf +++ b/aks/main.tf @@ -59,18 +59,19 @@ resource "azurerm_federated_identity_credential" "thanos" { module "thanos" { source = "../" - cluster_name = var.cluster_name - base_domain = var.base_domain - subdomain = var.subdomain - argocd_project = var.argocd_project - argocd_labels = var.argocd_labels - destination_cluster = var.destination_cluster - target_revision = var.target_revision - cluster_issuer = var.cluster_issuer - deep_merge_append_list = var.deep_merge_append_list - enable_service_monitor = var.enable_service_monitor - app_autosync = var.app_autosync - dependency_ids = var.dependency_ids + cluster_name = var.cluster_name + base_domain = var.base_domain + subdomain = var.subdomain + argocd_project = var.argocd_project + argocd_labels = var.argocd_labels + destination_cluster = var.destination_cluster + target_revision = var.target_revision + cluster_issuer = var.cluster_issuer + deep_merge_append_list = var.deep_merge_append_list + enable_service_monitor = var.enable_service_monitor + app_autosync = var.app_autosync + dependency_ids = var.dependency_ids + enable_network_policies = var.enable_network_policies resources = var.resources diff --git a/eks/README.adoc b/eks/README.adoc index 60ee0fc..f85e450 100644 --- a/eks/README.adoc +++ b/eks/README.adoc 
@@ -347,7 +347,7 @@ Description: Override of target revision of the application chart. Type: `string` -Default: `"v7.0.0"` +Default: `"v7.0.1"` ==== [[input_cluster_issuer]] <> @@ -503,6 +503,14 @@ Type: `bool` Default: `false` +==== [[input_enable_network_policies]] <> + +Description: Enable or disable network policy for Thanos components. + +Type: `bool` + +Default: `false` + === Outputs The following outputs are exported: @@ -620,7 +628,7 @@ object({ |[[input_target_revision]] <> |Override of target revision of the application chart. |`string` -|`"v7.0.0"` +|`"v7.0.1"` |no |[[input_cluster_issuer]] <> @@ -768,6 +776,12 @@ object({ |`false` |no +|[[input_enable_network_policies]] <> +|Enable or disable network policy for Thanos components. +|`bool` +|`false` +|no + |=== = Outputs diff --git a/eks/main.tf b/eks/main.tf index c6bcde7..55ad107 100644 --- a/eks/main.tf +++ b/eks/main.tf 
@@ -50,18 +50,19 @@ module "iam_assumable_role_thanos" { module "thanos" { source = "../" - cluster_name = var.cluster_name - base_domain = var.base_domain - subdomain = var.subdomain - argocd_project = var.argocd_project - argocd_labels = var.argocd_labels - destination_cluster = var.destination_cluster - target_revision = var.target_revision - cluster_issuer = var.cluster_issuer - deep_merge_append_list = var.deep_merge_append_list - enable_service_monitor = var.enable_service_monitor - app_autosync = var.app_autosync - dependency_ids = var.dependency_ids + cluster_name = var.cluster_name + base_domain = var.base_domain + subdomain = var.subdomain + argocd_project = var.argocd_project + argocd_labels = var.argocd_labels + destination_cluster = var.destination_cluster + target_revision = var.target_revision + cluster_issuer = var.cluster_issuer + deep_merge_append_list = var.deep_merge_append_list + enable_service_monitor = var.enable_service_monitor + app_autosync = var.app_autosync + dependency_ids = var.dependency_ids + enable_network_policies = var.enable_network_policies resources = var.resources diff --git a/kind/README.adoc b/kind/README.adoc index dd4b60f..204e915 100644 --- a/kind/README.adoc +++ b/kind/README.adoc @@ -245,7 +245,7 @@ Description: Override of target revision of the application chart. Type: `string` -Default: `"v7.0.0"` +Default: `"v7.0.1"` ==== [[input_cluster_issuer]] <> @@ -401,6 +401,14 @@ Type: `bool` Default: `false` +==== [[input_enable_network_policies]] <> + +Description: Enable or disable network policy for Thanos components. + +Type: `bool` + +Default: `false` + === Outputs The following outputs are exported: @@ -497,7 +505,7 @@ object({ |[[input_target_revision]] <> |Override of target revision of the application chart. |`string` -|`"v7.0.0"` +|`"v7.0.1"` |no |[[input_cluster_issuer]] <> 
@@ -645,6 +653,12 @@ object({ |`false` |no +|[[input_enable_network_policies]] <> +|Enable or disable network policy for Thanos components. +|`bool` +|`false` +|no + |=== = Outputs diff --git a/kind/main.tf b/kind/main.tf index 721e18d..01651f6 100644 --- a/kind/main.tf +++ b/kind/main.tf @@ -1,18 +1,19 @@ module "thanos" { source = "../" - cluster_name = var.cluster_name - base_domain = var.base_domain - subdomain = var.subdomain - argocd_project = var.argocd_project - argocd_labels = var.argocd_labels - destination_cluster = var.destination_cluster - target_revision = var.target_revision - cluster_issuer = var.cluster_issuer - deep_merge_append_list = var.deep_merge_append_list - enable_service_monitor = var.enable_service_monitor - app_autosync = var.app_autosync - dependency_ids = var.dependency_ids + cluster_name = var.cluster_name + base_domain = var.base_domain + subdomain = var.subdomain + argocd_project = var.argocd_project + argocd_labels = var.argocd_labels + destination_cluster = var.destination_cluster + target_revision = var.target_revision + cluster_issuer = var.cluster_issuer + deep_merge_append_list = var.deep_merge_append_list + enable_service_monitor = var.enable_service_monitor + app_autosync = var.app_autosync + dependency_ids = var.dependency_ids + enable_network_policies = var.enable_network_policies resources = var.resources diff --git a/locals.tf b/locals.tf index 098f82a..782afad 100644 --- a/locals.tf +++ b/locals.tf @@ -44,7 +44,7 @@ locals { limits = { for k, v in var.resources.storegateway.limits : k => v if v != null } } networkPolicy = { - enabled = false + enabled = var.enable_network_policies } extraFlags = [ # Store Gateway index cache config -> https://thanos.io/tip/components/store.md/#index-cache @@ -84,7 +84,7 @@ locals { limits = { for k, v in var.resources.query.limits : k => v if v != null } } networkPolicy = { - enabled = false + enabled = var.enable_network_policies } } 
@@ -108,7 +108,7 @@ locals { size = local.thanos.compactor_persistence_size } networkPolicy = { - enabled = false + enabled = var.enable_network_policies } } @@ -200,7 +200,25 @@ locals { }] } networkPolicy = { - enabled = false + enabled = var.enable_network_policies + extraIngress = var.enable_network_policies ? [ + { + from = [{ + namespaceSelector = { + matchLabels = { + "kubernetes.io/metadata.name" = "traefik" + } + } + }, + { + podSelector = { + matchLabels = { + "app" = "traefik" + } + } + }] + } + ] : [] } } @@ -334,17 +352,35 @@ locals { }] } networkPolicy = { - enabled = false + enabled = var.enable_network_policies + extraIngress = var.enable_network_policies ? [ + { + from = [{ + namespaceSelector = { + matchLabels = { + "kubernetes.io/metadata.name" = "traefik" + } + } + }, + { + podSelector = { + matchLabels = { + "app" = "traefik" + } + } + }] + } + ] : [] } } receive = { networkPolicy = { - enabled = false + enabled = var.enable_network_policies } } ruler = { networkPolicy = { - enabled = false + enabled = var.enable_network_policies } } } diff --git a/sks/README.adoc b/sks/README.adoc index 2d02817..3323965 100644 --- a/sks/README.adoc +++ b/sks/README.adoc @@ -188,7 +188,7 @@ Description: Override of target revision of the application chart. Type: `string` -Default: `"v7.0.0"` +Default: `"v7.0.1"` ==== [[input_cluster_issuer]] <> @@ -344,6 +344,14 @@ Type: `bool` Default: `false` +==== [[input_enable_network_policies]] <> + +Description: Enable or disable network policy for Thanos components. + +Type: `bool` + +Default: `false` + === Outputs The following outputs are exported: @@ -439,7 +447,7 @@ object({ |[[input_target_revision]] <> |Override of target revision of the application chart. |`string` -|`"v7.0.0"` +|`"v7.0.1"` |no |[[input_cluster_issuer]] <> @@ -587,6 +595,12 @@ object({ |`false` |no +|[[input_enable_network_policies]] <> +|Enable or disable network policy for Thanos components. +|`bool` +|`false` +|no + |=== = Outputs 
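Review bot: In the `extraIngress` block added by the locals.tf hunk at `@@ -200,7 +200,25 @@`, the `from` list holds two separate peers, and Kubernetes treats separate peers as alternatives. Assuming these values reach a NetworkPolicy unchanged, the rule admits every pod in the namespace named `traefik`, and separately any pod labelled `app=traefik` in the Thanos namespace itself, because a bare `podSelector` is scoped to the policy's own namespace. If the intent is to admit only the Traefik pods in the `traefik` namespace, both selectors belong in a single peer, as sketched below. The same block is repeated in the hunk at `@@ -334,17 +352,35 @@`, and in both cases the enclosing component block starts outside the hunk. The namespace name and the `app` label are hard-coded, so it is worth confirming they match how Traefik is actually deployed and labelled.

```hcl
      extraIngress = var.enable_network_policies ? [
        {
          from = [{
            # Single peer: namespaceSelector and podSelector must both match.
            namespaceSelector = {
              matchLabels = {
                "kubernetes.io/metadata.name" = "traefik"
              }
            }
            podSelector = {
              matchLabels = {
                "app" = "traefik"
              }
            }
          }]
        }
      ] : []
```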
diff --git a/sks/main.tf b/sks/main.tf index 721e18d..01651f6 100644 --- a/sks/main.tf +++ b/sks/main.tf @@ -1,18 +1,19 @@ module "thanos" { source = "../" - cluster_name = var.cluster_name - base_domain = var.base_domain - subdomain = var.subdomain - argocd_project = var.argocd_project - argocd_labels = var.argocd_labels - destination_cluster = var.destination_cluster - target_revision = var.target_revision - cluster_issuer = var.cluster_issuer - deep_merge_append_list = var.deep_merge_append_list - enable_service_monitor = var.enable_service_monitor - app_autosync = var.app_autosync - dependency_ids = var.dependency_ids + cluster_name = var.cluster_name + base_domain = var.base_domain + subdomain = var.subdomain + argocd_project = var.argocd_project + argocd_labels = var.argocd_labels + destination_cluster = var.destination_cluster + target_revision = var.target_revision + cluster_issuer = var.cluster_issuer + deep_merge_append_list = var.deep_merge_append_list + enable_service_monitor = var.enable_service_monitor + app_autosync = var.app_autosync + dependency_ids = var.dependency_ids + enable_network_policies = var.enable_network_policies resources = var.resources diff --git a/variables.tf b/variables.tf index 810bff2..a66d7fc 100644 --- a/variables.tf +++ b/variables.tf @@ -174,3 +174,9 @@ variable "enable_service_monitor" { type = bool default = false } + +variable "enable_network_policies" { + description = "Enable or disable network policy for Thanos components." + type = bool + default = false +}
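Review bot: The new `enable_network_policies` variable in variables.tf accepts `null`, and an explicit `null` from a caller would reach the `var.enable_network_policies ? [...] : []` conditional in locals.tf, which Terraform rejects for a null condition. Adding `nullable = false` keeps the declared default in force, provided the module's minimum Terraform version supports that argument. The description could also state that enabling the flag adds an ingress exception keyed to a namespace and pod label named `traefik`, for example `"Enable network policies for Thanos components; ingress is then only allowed from Traefik as selected in locals.tf."`. With `default = false` the components stay without network policies unless the caller opts in, which deserves a mention in the README.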