diff --git a/templates/injector-network-policy.yaml b/templates/injector-network-policy.yaml
index f2dfd511e..40ed6e85c 100644
--- a/templates/injector-network-policy.yaml
+++ b/templates/injector-network-policy.yaml
@@ -1,4 +1,4 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (and (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.openshift | toString) "true") ) }}
+{{- if eq (.Values.injector.networkPolicy.enabled | toString) "true" }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
diff --git a/test/unit/injector-network-policy.bats b/test/unit/injector-network-policy.bats
new file mode 100755
index 000000000..494096b25
--- /dev/null
+++ b/test/unit/injector-network-policy.bats
@@ -0,0 +1,22 @@
+#!/usr/bin/env bats
+
+load _helpers
+
+@test "injector/network-policy: disabled by default" {
+  cd `chart_dir`
+  local actual=$( (helm template \
+      --show-only templates/injector-network-policy.yaml  \
+      . || echo "---") | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "false" ]
+}
+
+@test "injector/network-policy: enabled by injector.networkPolicy.enabled" {
+  cd `chart_dir`
+  local actual=$( (helm template \
+      --set 'injector.networkPolicy.enabled=true' \
+      --show-only templates/injector-network-policy.yaml  \
+      . || echo "---") | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
\ No newline at end of file
diff --git a/values.yaml b/values.yaml
index 49836b73c..9b995b57f 100644
--- a/values.yaml
+++ b/values.yaml
@@ -156,6 +156,10 @@ injector:
   #   beta.kubernetes.io/arch: amd64
   nodeSelector: null
 
+  # Enables network policy for injector pods
+  networkPolicy:
+    enabled: false
+
   # Priority class for injector pods
   priorityClassName: ""