diff --git a/projects/ingress-external/manifests/allow-kubeapi.yml b/projects/ingress-external/manifests/allow-kubeapi.yml
new file mode 100644
index 00000000..5b228347
--- /dev/null
+++ b/projects/ingress-external/manifests/allow-kubeapi.yml
@@ -0,0 +1,14 @@
+apiVersion: "cilium.io/v2"
+kind: CiliumNetworkPolicy
+metadata:
+  name: "traefik-allow-kubeapi"
+spec:
+  endpointSelector:
+    matchLabels:
+      app.kubernetes.io/name: traefik
+      app.kubernetes.io/instance: ingress-external
+  egress:
+  - toServices:
+    - k8sService:
+        serviceName: kubernetes
+        namespace: default
diff --git a/projects/ingress-external/project.yml b/projects/ingress-external/project.yml
index 75ebb50f..e7670cb5 100644
--- a/projects/ingress-external/project.yml
+++ b/projects/ingress-external/project.yml
@@ -4,9 +4,9 @@ config:
     config:
       allowNamespace: false
     rules:
-    #- allow-dns
+    - allow-dns
     - allow-ingress-traffic
-    #- allow-external-services
+    - allow-external-services
     #- allow-kubeapi
 
 apps: