diff --git a/install/helm-repo/argocd-agent-agent/templates/agent-networkpolicy-redis.yaml b/install/helm-repo/argocd-agent-agent/templates/agent-networkpolicy-redis.yaml
new file mode 100644
index 00000000..540fdc02
--- /dev/null
+++ b/install/helm-repo/argocd-agent-agent/templates/agent-networkpolicy-redis.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.networkPolicy.enabled .Values.networkPolicy.redis.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ .Values.networkPolicy.redis.name }}
+ namespace: {{ default .Release.Namespace .Values.networkPolicy.redis.namespace }}
+spec:
+ podSelector:
+ matchLabels:
+ {{- toYaml .Values.networkPolicy.redis.agentSelector | nindent 6 }}
+ policyTypes:
+ - Egress
+ egress:
+ - to:
+ - podSelector:
+ matchLabels:
+ {{- toYaml .Values.networkPolicy.redis.redisSelector | nindent 10 }}
+ ports:
+ - port: 6379
+ protocol: TCP
+{{- end }}
diff --git a/install/helm-repo/argocd-agent-agent/values.yaml b/install/helm-repo/argocd-agent-agent/values.yaml
index df6d0ea0..140ffaf3 100644
--- a/install/helm-repo/argocd-agent-agent/values.yaml
+++ b/install/helm-repo/argocd-agent-agent/values.yaml
@@ -21,6 +21,18 @@ metricsPort: "8181"
 tlsClientInSecure: "false"
 healthzPort: "8002"
 redisAddress: "argocd-redis:6379"
-tlsClientKeyPath: ""
-tlsClientCertPath: ""
-tlsRootCAPath: ""
\ No newline at end of file
+
+tlsClientKeyPath: "/app/config/tls/tls.key"
+tlsClientCertPath: "/app/config/tls/tls.crt"
+tlsRootCAPath: "/app/config/tls/ca.crt"
+
+networkPolicy:
+ enabled: true
+ redis:
+ enabled: true
+ name: allow-agent-to-redis
+ namespace: ""
+ redisSelector:
+ app.kubernetes.io/name: argocd-redis
+ agentSelector:
+ app.kubernetes.io/name: argocd-agent-agent
diff --git a/install/kubernetes/agent/agent-networkpolicy-redis.yaml b/install/kubernetes/agent/agent-networkpolicy-redis.yaml
new file mode 100644
index 00000000..caef6057
--- /dev/null
+++ b/install/kubernetes/agent/agent-networkpolicy-redis.yaml
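Review bot: With `policyTypes: [Egress]` and a single rule to Redis on TCP 6379, every other egress from the selected agent pods is denied as soon as a CNI enforces this policy — including DNS to kube-dns, which is needed to resolve the `argocd-redis` host in `redisAddress`, and (presumably, from the component's role) the agent's outbound connections to the principal and to the Kubernetes API server — so the rendered policy likely isolates the agent rather than just permitting Redis, unless other NetworkPolicies in the namespace already allow that traffic. The same shape is repeated in this commit's kustomize manifests for the agent (install/kubernetes/agent/agent-networkpolicy-redis.yaml) and the principal (install/kubernetes/principal/principal-networkpolicy-redis.yaml). Note also that a `to` entry with only a `podSelector` matches Redis pods in the policy's own namespace, so a Redis instance in another namespace would additionally need a `namespaceSelector`. At minimum add a DNS egress rule as below (the kube-dns labels and namespace vary by distribution, so make them values), add cluster-specific rules for the API server and the principal endpoint or document that the chart expects them to exist, and state the intent at the top of the template with a comment such as `# Egress-isolates the agent pods: every destination not listed below is denied`.

```yaml
  egress:
  # … unchanged: Redis rule (to redisSelector, TCP 6379) …
  - to:
    - namespaceSelector: {}
      podSelector:
        matchLabels:
          k8s-app: kube-dns  # adjust to the cluster's DNS pod labels
    ports:
    - port: 53
      protocol: UDP
    - port: 53
      protocol: TCP
```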
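Review bot: `networkPolicy.enabled: true` together with `networkPolicy.redis.enabled: true` renders the egress policy on every install by default, so an upgrade on a cluster whose CNI enforces NetworkPolicy changes the agent's connectivity without the operator opting in; consider `enabled: false` as the default, or at least a comment above the key stating that the policy egress-isolates the agent pods. The Redis port is hard-coded as `6379` in the template while `redisAddress` stays configurable, so a non-default port in `redisAddress` silently desynchronises from the policy; a new value such as `port: 6379` under `networkPolicy.redis`, consumed in the template as `port: {{ .Values.networkPolicy.redis.port }}`, keeps the two together. The new non-empty `tlsClientKeyPath`/`tlsClientCertPath`/`tlsRootCAPath` defaults presumably require a volume mounted at `/app/config/tls` in the agent deployment; that mount is not part of this diff, so it is worth confirming the chart provides it or that the agent tolerates the files being absent.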
@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: agent-allow-redis-egress
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: argocd-agent-agent
+ policyTypes:
+ - Egress
+ egress:
+ - to:
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/name: argocd-redis
+ ports:
+ - port: 6379
+ protocol: TCP
+
diff --git a/install/kubernetes/agent/kustomization.yaml b/install/kubernetes/agent/kustomization.yaml
index e2d9b386..5b33314f 100644
--- a/install/kubernetes/agent/kustomization.yaml
+++ b/install/kubernetes/agent/kustomization.yaml
@@ -8,6 +8,7 @@ resources:
 - agent-params-cm.yaml
 - agent-metrics-service.yaml
 - agent-healthz-service.yaml
+- agent-networkpolicy-redis.yaml
 images:
 - name: argocd-agent
diff --git a/install/kubernetes/principal/kustomization.yaml b/install/kubernetes/principal/kustomization.yaml
index fc21f02c..40344931 100644
--- a/install/kubernetes/principal/kustomization.yaml
+++ b/install/kubernetes/principal/kustomization.yaml
@@ -12,6 +12,7 @@ resources:
 - principal-metrics-service.yaml
 - principal-healthz-service.yaml
 - principal-userpass-secret.yaml
+ - principal-networkpolicy-redis.yaml
 images:
 - name: argocd-agent
diff --git a/install/kubernetes/principal/principal-networkpolicy-redis.yaml b/install/kubernetes/principal/principal-networkpolicy-redis.yaml
new file mode 100644
index 00000000..fba3fceb
--- /dev/null
+++ b/install/kubernetes/principal/principal-networkpolicy-redis.yaml
@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: principal-allow-redis-egress
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: argocd-agent-principal
+ policyTypes:
+ - Egress
+ egress:
+ - to:
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/name: argocd-redis
+ ports:
+ - port: 6379
+ protocol: TCP
+
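Review bot: The resource name `agent-allow-redis-egress` here differs from the Helm chart's default `allow-agent-to-redis` for the same policy in this commit, and the manifest carries no comment saying that selecting the agent pods with an Egress-type policy denies every egress not listed in it. Aligning the names across the two install paths, and adding a one-line header comment such as `# Egress-isolates the agent pods: only the Redis rule below is allowed; DNS, principal and API-server egress must be permitted by other policies`, would make the manifests easier to keep in sync and the blast radius obvious to whoever applies them. The new file also ends with an extra blank line, which yamllint flags.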
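Review bot: The added `resources` entry in the principal kustomization is indented one level deeper than the corresponding line added to the agent kustomization (`+- agent-networkpolicy-redis.yaml` there versus `+ - principal-networkpolicy-redis.yaml` here); the sibling entries' indent is not recoverable from this view, but if they sit at column 0 as in the agent file, a more-indented `- …` line is not a new list item — YAML folds it into the preceding plain scalar, yielding one bogus resource path `principal-userpass-secret.yaml - principal-networkpolicy-redis.yaml` that kustomize will fail to load. Match the siblings' indentation exactly, i.e. `- principal-networkpolicy-redis.yaml` at the same column as `- principal-userpass-secret.yaml`.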