diff --git a/charts/coredns/Chart.yaml b/charts/coredns/Chart.yaml
index 2cdd65c..e1dd6f9 100644
--- a/charts/coredns/Chart.yaml
+++ b/charts/coredns/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: coredns
-version: 1.26.1
+version: 1.27.0
 appVersion: 1.11.1
 home: https://coredns.io
 icon: https://coredns.io/images/CoreDNS_Colour_Horizontal.png
diff --git a/charts/coredns/ci/default-values.yaml b/charts/coredns/ci/default-values.yaml
new file mode 100644
index 0000000..0967ef4
--- /dev/null
+++ b/charts/coredns/ci/default-values.yaml
@@ -0,0 +1 @@
+{}
diff --git a/charts/coredns/ci/netpol-values.yaml b/charts/coredns/ci/netpol-values.yaml
new file mode 100644
index 0000000..245a288
--- /dev/null
+++ b/charts/coredns/ci/netpol-values.yaml
@@ -0,0 +1,9 @@
+isClusterService: false
+networkPolicy:
+ enabled: true
+ ingress:
+ dns:
+ peers:
+ - namespaceSelector:
+ matchLabels:
+ toto: tutu
diff --git a/charts/coredns/templates/networkpolicy.yaml b/charts/coredns/templates/networkpolicy.yaml
new file mode 100644
index 0000000..a8c3986
--- /dev/null
+++ b/charts/coredns/templates/networkpolicy.yaml
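Review bot: The new ci/netpol-values.yaml fixture exercises only the `isClusterService: false` branch of templates/networkpolicy.yaml, and ci/default-values.yaml is `{}`, which with the values.yaml default `enabled: false` never renders the policy at all, so the cluster-service path (the port-53 rule rendered without a `from:` block) is never covered by CI. A third fixture such as `networkPolicy:` / `  enabled: true` with the default `isClusterService` would render that path. The `toto: tutu` selector is fine as a fixture, but a short comment above it such as `# placeholder namespace label used only for CI rendering` would make its intent clear.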
@@ -0,0 +1,48 @@
+{{- if .Values.networkPolicy.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "coredns.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "coredns.labels" . | nindent 4 }}
+ {{- if .Values.customLabels }}
+ {{ toYaml .Values.customLabels | indent 4 }}
+ {{- end }}
+ {{- with .Values.customAnnotations }}
+ annotations: {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ template "coredns.k8sapplabel" . }}
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+ ingress:
+ - {{- if not .Values.isClusterService }}
+ {{- $_ := eq .Values.networkPolicy.ingress.dns.peers nil | ternary "" "-" | required "required value networkPolicy.ingress.dns.peers" }}
+ from: {{ .Values.networkPolicy.ingress.dns.peers | toYaml | nindent 10 }}
+ {{- end }}
+ ports:
+ - protocol: TCP
+ port: 53
+ - protocol: UDP
+ port: 53
+ {{- with .Values.networkPolicy.ingress.metrics.peers }}
+ - from: {{ . | toYaml | nindent 10 }}
+ ports:
+ - protocol: TCP
+ port: 9153
+ {{- end }}
+ {{- with .Values.networkPolicy.ingress.rules }}
+ {{- . | toYaml | nindent 8 }}
+ {{- end }}
+ {{- with .Values.networkPolicy.egress.rules }}
+ egress:
+ {{- . | toYaml | nindent 8 }}
+ {{- end }}
+ policyTypes:
+ - Ingress
+ - Egress
+{{- end }}
diff --git a/charts/coredns/templates/podsecuritypolicy.yaml b/charts/coredns/templates/podsecuritypolicy.yaml
deleted file mode 100644
index 6e02e00..0000000
--- a/charts/coredns/templates/podsecuritypolicy.yaml
+++ /dev/null
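Review bot: The guard on the `$_ :=` line only rejects a nil `networkPolicy.ingress.dns.peers`; an empty list (`peers: []`) passes `eq ... nil`, so the DNS rule is rendered with `from: []`, which the NetworkPolicy API treats as "matches all sources", and a user who sets `isClusterService: false` but leaves the peers empty silently gets port 53 open to every source instead of a render error. Replacing that line with `{{- if empty .Values.networkPolicy.ingress.dns.peers }}{{ fail "networkPolicy.ingress.dns.peers must list at least one peer when isClusterService is false" }}{{- end }}` rejects both nil and empty. Separately, `policyTypes` always lists `Egress` while the `egress:` stanza is emitted only `with .Values.networkPolicy.egress.rules`, so with the values.yaml default `rules: []` the rendered policy denies all egress from the CoreDNS pods, which presumably blocks their upstream forwarding and API-server access; either gate `- Egress` on the rules being non-empty or document in values.yaml that egress rules must be supplied when the policy is enabled.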
@@ -1,47 +0,0 @@
-{{- if and .Values.deployment.enabled .Values.rbac.pspEnable }}
-{{ if .Capabilities.APIVersions.Has "policy/v1beta1" }}
-apiVersion: policy/v1beta1
-{{ else }}
-apiVersion: extensions/v1beta1
-{{ end -}}
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "coredns.fullname" . }}
- labels: {{- include "coredns.labels" . | nindent 4 }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- # Add back CAP_NET_BIND_SERVICE so that coredns can run on port 53
- allowedCapabilities:
- - NET_BIND_SERVICE
- # Allow core volume types.
- volumes:
- - 'configMap'
- - 'emptyDir'
- - 'projected'
- - 'secret'
- - 'downwardAPI'
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: 'RunAsAny'
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: 'RunAsAny'
- supplementalGroups:
- rule: 'MustRunAs'
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: 'MustRunAs'
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
diff --git a/charts/coredns/values.yaml b/charts/coredns/values.yaml
index 6ffd360..1030c4a 100644
--- a/charts/coredns/values.yaml
+++ b/charts/coredns/values.yaml
@@ -70,8 +70,6 @@ serviceAccount:
 rbac:
 # If true, create & use RBAC resources
 create: true
- # If true, create and use PodSecurityPolicy
- pspEnable: false
 # The name of the ServiceAccount to use.
 # If not set and create is true, a name is generated using the fullname template
 # name:
@@ -354,3 +352,13 @@ deployment:
 name: ""
 ## Annotations for the coredns deployment
 annotations: {}
+
+networkPolicy:
+ enabled: false
+ ingress:
+ dns:
+ peers: null
+ metrics:
+ peers: []
+ egress:
+ rules: []
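Review bot: The new `networkPolicy` stanza in the second values.yaml hunk is added without any of the comments the surrounding keys carry, and its defaults have consequences that are not obvious from the values alone: `ingress.dns.peers: null` makes rendering fail when `isClusterService` is false, `ingress.metrics.peers: []` means no rule for port 9153 is rendered so the metrics port is unreachable while the policy is enabled, and `egress.rules: []` together with the template's unconditional `Egress` policy type denies all egress from the CoreDNS pods. Comments in the file's existing style would help, e.g. `# Peers allowed to reach port 53; required when isClusterService is false, ignored otherwise (all sources allowed)` above `peers: null`, `# Peers allowed to scrape port 9153; empty means the metrics port is blocked` above `peers: []`, and `# Egress rules; Egress is always a policyType, so an empty list denies all egress` above `rules: []`.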