diff --git a/CHANGELOG.md b/CHANGELOG.md
index f755269c..3b9c9a09 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- Add `ciliumNetworkPolicy.enabled=true` in cluster values.
+
 ## [2.21.1] - 2024-03-19
 
 ### Fixed
diff --git a/service/controller/resource/clusterconfigmap/desired.go b/service/controller/resource/clusterconfigmap/desired.go
index abae078a..734003b6 100644
--- a/service/controller/resource/clusterconfigmap/desired.go
+++ b/service/controller/resource/clusterconfigmap/desired.go
@@ -246,6 +246,9 @@ func (r *Resource) GetDesiredState(ctx context.Context, obj interface{}) ([]*cor
 		ClusterCIDR:  clusterCIDR,
 		GcpProject:   gcpProject,
 		Provider:     provider,
+		CiliumNetworkPolicy: CiliumNetworkPolicy{
+			Enabled: true,
+		},
 	}
 
 	// disable boostrap mode and do not install CNI for EKS cluster
diff --git a/service/controller/resource/clusterconfigmap/types.go b/service/controller/resource/clusterconfigmap/types.go
index b8300850..4aa0eacc 100644
--- a/service/controller/resource/clusterconfigmap/types.go
+++ b/service/controller/resource/clusterconfigmap/types.go
@@ -28,6 +28,9 @@ type ClusterConfig struct {
 	Kubernetes KubernetesConfig  `json:"kubernetes"`
 	Private    bool              `json:"private"`
 }
+type CiliumNetworkPolicy struct {
+	Enabled bool `json:"enabled"`
+}
 type ClusterValuesConfig struct {
 	BaseDomain string `json:"baseDomain"`
 	// BootstrapMode allows to configure chart-operator in bootstrap mode so that it can install charts without cni or kube-proxy.
@@ -35,14 +38,14 @@ type ClusterValuesConfig struct {
 	Cluster       ClusterConfig              `json:"cluster"`
 	ClusterCA     string                     `json:"clusterCA"`
 	// ClusterDNSIP is used by chart-operator. It uses this IP as its dnsConfig nameserver, to use it as resolver.
-	ClusterDNSIP  string                   `json:"clusterDNSIP"`
-	ClusterID     string                   `json:"clusterID"`
-	ClusterCIDR   string                   `json:"clusterCIDR"`
-	ExternalDNSIP *string                  `json:"externalDNSIP,omitempty"`
-	Helm          *ChartOperatorHelmConfig `json:"helm,omitempty"`
-	Provider      string                   `json:"provider"`
-	GcpProject    string                   `json:"gcpProject"`
-	ChartOperator ChartOperatorConfig      `json:"chartOperator"`
-
-	AzureSubscriptionID string `json:"subscriptionID"`
+	ClusterDNSIP        string                   `json:"clusterDNSIP"`
+	ClusterID           string                   `json:"clusterID"`
+	ClusterCIDR         string                   `json:"clusterCIDR"`
+	ExternalDNSIP       *string                  `json:"externalDNSIP,omitempty"`
+	Helm                *ChartOperatorHelmConfig `json:"helm,omitempty"`
+	Provider            string                   `json:"provider"`
+	GcpProject          string                   `json:"gcpProject"`
+	ChartOperator       ChartOperatorConfig      `json:"chartOperator"`
+	CiliumNetworkPolicy CiliumNetworkPolicy      `json:"ciliumNetworkPolicy"`
+	AzureSubscriptionID string                   `json:"subscriptionID"`
 }