diff --git a/CHANGELOG.md b/CHANGELOG.md
index ad24ccc..a6c5225 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Changed
+
+- Add NetworkPolicy for WorkloadCluster Ip Job
+
 ## [0.6.1] - 2024-10-30
 
 ### Changed
diff --git a/helm/kyverno-policies-connectivity/templates/wc-ip/WorkloadClusterIpJob.yaml b/helm/kyverno-policies-connectivity/templates/wc-ip/WorkloadClusterIpJob.yaml
index 4f6adab..a36afbc 100644
--- a/helm/kyverno-policies-connectivity/templates/wc-ip/WorkloadClusterIpJob.yaml
+++ b/helm/kyverno-policies-connectivity/templates/wc-ip/WorkloadClusterIpJob.yaml
@@ -74,6 +74,20 @@ roleRef:
   name: "{{ .Release.Name }}-read-write-configmap"
   apiGroup: rbac.authorization.k8s.io
 ---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: "{{ .Release.Name }}-prepare-cm-preinstall-hook"
+  namespace: "{{ $.Release.Namespace }}"
+spec:
+  podSelector:
+    matchLabels:
+      batch.kubernetes.io/job-name: "{{ .Release.Name }}-prepare-cm-preinstall-hook"
+  policyTypes:
+  - Egress
+  egress:
+  - {}
+---
 apiVersion: batch/v1
 kind: Job
 metadata:
diff --git a/policies/connectivity/wc-ip/WorkloadClusterIpJob.yaml b/policies/connectivity/wc-ip/WorkloadClusterIpJob.yaml
index 51a034d..ddf3c34 100644
--- a/policies/connectivity/wc-ip/WorkloadClusterIpJob.yaml
+++ b/policies/connectivity/wc-ip/WorkloadClusterIpJob.yaml
@@ -73,6 +73,20 @@ roleRef:
   name: "[[ .Release.Name ]]-read-write-configmap"
   apiGroup: rbac.authorization.k8s.io
 ---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: "[[ .Release.Name ]]-prepare-cm-preinstall-hook"
+  namespace: "[[ $.Release.Namespace ]]"
+spec:
+  podSelector:
+    matchLabels:
+      batch.kubernetes.io/job-name: "[[ .Release.Name ]]-prepare-cm-preinstall-hook"
+  policyTypes:
+  - Egress
+  egress:
+  - {}
+---
 apiVersion: batch/v1
 kind: Job
 metadata: