diff --git a/cluster-config/namespaces.yaml b/cluster-config/namespaces.yaml
index 4911d4a..4f11c2b 100644
--- a/cluster-config/namespaces.yaml
+++ b/cluster-config/namespaces.yaml
@@ -1,5 +1,13 @@
 apiVersion: v1
 kind: Namespace
+metadata:
+  name: kube-system
+  labels:
+    app: kube-system
+    control-plane: controller-manager
+---
+apiVersion: v1
+kind: Namespace
 metadata:
   name: dev
   labels:
diff --git a/cluster-config/np-allow-consolidated.yaml b/cluster-config/np-allow-consolidated.yaml
index e14ddb8..9aee0a7 100644
--- a/cluster-config/np-allow-consolidated.yaml
+++ b/cluster-config/np-allow-consolidated.yaml
@@ -51,7 +51,21 @@ spec:
   - Ingress
   - Egress
   ingress:
-    - {}
+    - from: []
+      ports:
+      - port: 80
+        protocol: TCP
+    - from:
+      - ipBlock:
+        cidr: 100.64.1.0/24
+      ports:
+      - port: 80
+        protocol: TCP
+    - from:
+      - namespaceSelector:
+          matchLabels:
+            linkerd.io/is-control-plane: "true"
+      - podSelector: {}
   egress:
     - to:
       - podSelector: {}