diff --git a/chart/Chart.lock b/chart/Chart.lock
index 4365439f9029a45da5e008c141c0588a90e4ea3f..30b1f548b3b4ce8cf97313bd0771285080382e9b 100644
--- a/chart/Chart.lock
+++ b/chart/Chart.lock
@@ -5,8 +5,8 @@ dependencies:
 - name: minio-instance
 repository: file://./deps/minio
 version: 4.0.4-bb.4
-- name: bb-test-lib
- repository: oci://registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates
- version: 0.5.2
-digest: sha256:3ca344e6b6e62dc508c2599518d638e424477cf8de51a53cf795c8481d6c2b32
-generated: "2021-05-17T13:29:55.74089-06:00"
+- name: gluon
+ repository: oci://registry.dso.mil/platform-one/big-bang/apps/library-charts/gluon
+ version: 0.1.1
+digest: sha256:41c1bd38bd9212477829389128629a39aa58e92e441058fcae5995a6006a84d2
+generated: "2021-05-24T14:25:13.642798-06:00"
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index 4de4aabada25580a6a19d0aa32e3101faa8af15f..1f50e479307d62cec4b8490122f89d7477f8e92c 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,15 +1,13 @@
----
 apiVersion: v2
 name: mattermost
 type: application
 version: "0.1.7-bb.0"
 appVersion: "5.34.2"
 description: "Deployment of mattermost"
-keywords:
+keywords:
 - Mattermost
 - Instance
 kubeVersion: ">=1.12.0-0"
-
 dependencies:
 - name: postgresql
 version: 10.3.5
@@ -21,6 +19,6 @@ dependencies:
 alias: minio
 condition: minio.install
 repository: file://./deps/minio
- - name: bb-test-lib
- version: 0.5.2
- repository: "oci://registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates"
+ - name: gluon
+ version: 0.1.1
+ repository: oci://registry.dso.mil/platform-one/big-bang/apps/library-charts/gluon
diff --git a/chart/charts/bb-test-lib-0.5.2.tgz b/chart/charts/bb-test-lib-0.5.2.tgz
index 0df8143dd476200a3e95ccc1ddc9b52dac0bfae4..2045d9ca5f02c5d182a0b1654b9dc1838bd6caa4 100644
Binary files a/chart/charts/bb-test-lib-0.5.2.tgz and b/chart/charts/bb-test-lib-0.5.2.tgz differ
diff --git a/chart/charts/gluon-0.1.1.tgz b/chart/charts/gluon-0.1.1.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..b4a4878dae126348cdee9d80977a15121ba59f9f
Binary files /dev/null and b/chart/charts/gluon-0.1.1.tgz differ
diff --git a/chart/charts/minio-instance-4.0.4-bb.4.tgz b/chart/charts/minio-instance-4.0.4-bb.4.tgz
index 46ad6c493b04ee1a445ecedc63f15adda7d4b0b9..fe167b6193d834cfa1ad4bfe9089c3b04361ee46 100644
Binary files a/chart/charts/minio-instance-4.0.4-bb.4.tgz and b/chart/charts/minio-instance-4.0.4-bb.4.tgz differ
diff --git a/chart/charts/postgresql-10.3.5.tgz b/chart/charts/postgresql-10.3.5.tgz
index ad2bbeb3f9f0de74fd552da246173d001d058e16..e7f8893b27fa7f380421adb17f258bc870348ad0 100644
Binary files a/chart/charts/postgresql-10.3.5.tgz and b/chart/charts/postgresql-10.3.5.tgz differ
diff --git a/chart/templates/bigbang/networkpolicies/allow-external-minio.yaml b/chart/templates/bigbang/networkpolicies/allow-external-minio.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..90b516fbd5f6c864c4991fbb2b33967fa4aac319
--- /dev/null
+++ b/chart/templates/bigbang/networkpolicies/allow-external-minio.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.networkPolicies.enabled (not .Values.minio.install) }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-external-minio-egress
+ namespace: {{ .Release.Namespace }}
+spec:
+ podSelector:
+ matchLabels:
+ app: mattermost
+ policyTypes:
+ - Egress
+ egress:
+ - to:
+ - ipBlock:
+ cidr: 0.0.0.0/0
+ # ONLY Block requests to AWS metadata IP
+ except:
+ - 169.254.169.254/32
+{{- end }}
diff --git a/chart/templates/bigbang/networkpolicies/allow-external-postgres.yaml b/chart/templates/bigbang/networkpolicies/allow-external-postgres.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..bf112324976294213be04f8ccba2a62448e53b21
--- /dev/null
+++ b/chart/templates/bigbang/networkpolicies/allow-external-postgres.yaml
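Review bot: The `cidr: 0.0.0.0/0` egress rule lets the mattermost pods reach any address as soon as an external MinIO is configured, which is far wider than the external object store the policy is named for, and the same rule recurs in allow-external-postgres.yaml and allow-test-egress.yaml. Since the external endpoint is operator-supplied, the CIDR and port belong in values so the rule can be narrowed to the actual host, e.g. `cidr: {{ .Values.networkPolicies.minioCidr | default "0.0.0.0/0" }}` (constructed key name) together with a `ports:` entry for the S3 endpoint. The `except` list carves out only the IPv4 link-local metadata address, so the comment should state that assumption rather than the current `# ONLY Block requests to AWS metadata IP`, e.g. `# Broad egress for the external object store; only the cloud metadata endpoint is excluded` placed above `- ipBlock:`.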
@@ -0,0 +1,20 @@
+{{- if and .Values.networkPolicies.enabled (not .Values.postgresql.install) }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-external-postgres-egress
+ namespace: {{ .Release.Namespace }}
+spec:
+ podSelector:
+ matchLabels:
+ app: mattermost
+ policyTypes:
+ - Egress
+ egress:
+ - to:
+ - ipBlock:
+ cidr: 0.0.0.0/0
+ # ONLY Block requests to AWS metadata IP
+ except:
+ - 169.254.169.254/32
+{{- end }}
diff --git a/chart/templates/bigbang/networkpolicies/allow-in-ns.yaml b/chart/templates/bigbang/networkpolicies/allow-in-ns.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..97a841cca7ca41fbbfe94e4f1415e4230d70f49b
--- /dev/null
+++ b/chart/templates/bigbang/networkpolicies/allow-in-ns.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.networkPolicies.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-in-ns
+ namespace: {{ .Release.Namespace }}
+spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - Egress
+ ingress:
+ - from:
+ - podSelector: {}
+ egress:
+ - to:
+ - podSelector: {}
+{{- end }}
diff --git a/chart/templates/bigbang/networkpolicies/allow-istio.yaml b/chart/templates/bigbang/networkpolicies/allow-istio.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..6c4c48ca2c873b93a7d7e0a753fd2f2ebbf7fb34
--- /dev/null
+++ b/chart/templates/bigbang/networkpolicies/allow-istio.yaml
@@ -0,0 +1,33 @@
+{{- if and .Values.networkPolicies.enabled .Values.istio.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-istio
+ namespace: {{ .Release.Namespace }}
+spec:
+ podSelector:
+ matchLabels:
+ app: mattermost
+ policyTypes:
+ - Ingress
+ - Egress
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ app.kubernetes.io/name: istio-controlplane
+ podSelector:
+ matchLabels:
+ {{- toYaml .Values.networkPolicies.ingressLabels | nindent 10}}
+ ports:
+ - port: 8065
+ protocol: TCP
+ egress:
+ - to:
+ - namespaceSelector:
+ matchLabels:
+ app.kubernetes.io/name: istio-controlplane
+ podSelector:
+ matchLabels:
+ istio: pilot
+{{- end }}
diff --git a/chart/templates/bigbang/networkpolicies/allow-monitoring-ingress.yaml b/chart/templates/bigbang/networkpolicies/allow-monitoring-ingress.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..38f98d32b99def52c46754ae86f9527573aab565
--- /dev/null
+++ b/chart/templates/bigbang/networkpolicies/allow-monitoring-ingress.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.networkPolicies.enabled .Values.monitoring.enabled .Values.enterprise.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-monitoring-ingress
+ namespace: {{ .Release.Namespace }}
+spec:
+ podSelector:
+ matchLabels:
+ app: mattermost
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ app.kubernetes.io/name: monitoring
+ ports:
+ - port: 8067
+ protocol: TCP
+{{- end }}
diff --git a/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml b/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..1a9b59b404f39730dd6b18a1d3f18160ea0a6b85
--- /dev/null
+++ b/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml
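Review bot: The ingress `from` entry puts `namespaceSelector` and `podSelector` in the same list item, which NetworkPolicy evaluates as AND (only pods carrying `ingressLabels` inside the istio-controlplane namespace); that is the intended tight rule, but it is easy to misread as two OR'd peers, so it deserves a comment such as `# one peer: namespaceSelector AND podSelector — the ingress gateway pods only, not the whole namespace`. The `{{- toYaml .Values.networkPolicies.ingressLabels | nindent 10}}` line lacks the space before `}}` used by every other action in these templates. The egress rule to `istio: pilot` has no `ports:` list; if the sidecar only needs xDS to istiod, restricting it to that port (15012 in a default Istio install — confirm for this control plane) would narrow it further.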
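Review bot: The `from` peer in allow-monitoring-ingress is a bare `namespaceSelector`, so every pod in the monitoring namespace may reach port 8067, not only the scraper; if the Prometheus pods carry a stable label in this deployment, adding a `podSelector` in the same peer entry would limit access to them — confirm the label before adding it. The condition also depends on `.Values.enterprise.enabled`, which matches the NOTE in values.yaml but is not explained here; a line above the `if`, `# metrics scraping is only wired up when enterprise.enabled is true (see NOTE in values.yaml)`, would make the triple condition self-explanatory.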
@@ -0,0 +1,26 @@
+{{- $bbtests := .Values.bbtests | default dict -}}
+{{- $cypress := $bbtests.cypress | default dict -}}
+{{- $enabled := (hasKey $bbtests "enabled") -}}
+{{- $artifacts := (hasKey $cypress "artifacts") -}}
+{{- if and $enabled $artifacts }}
+{{- if and .Values.networkPolicies.enabled .Values.bbtests.enabled .Values.bbtests.cypress.artifacts }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-test-egress
+ namespace: {{ .Release.Namespace }}
+spec:
+ podSelector:
+ matchLabels:
+ helm-test: enabled
+ policyTypes:
+ - Egress
+ egress:
+ - to:
+ - ipBlock:
+ cidr: 0.0.0.0/0
+ # ONLY Block requests to AWS metadata IP
+ except:
+ - 169.254.169.254/32
+{{- end }}
+{{- end }}
diff --git a/chart/templates/bigbang/networkpolicies/deny-default.yaml b/chart/templates/bigbang/networkpolicies/deny-default.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..31c4a35ec2b894c53867d02c1608b981bdb3469f
--- /dev/null
+++ b/chart/templates/bigbang/networkpolicies/deny-default.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.networkPolicies.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-deny
+ namespace: {{ .Release.Namespace }}
+spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - Egress
+ # Deny all ingress
+ ingress: []
+ # Deny external egress (outside cluster)
+ egress:
+ - to:
+ - namespaceSelector: {}
+{{- end }}
diff --git a/chart/templates/env-secret.yaml b/chart/templates/env-secret.yaml
index 9dd5e1e513130438f6884fe3d6ccbca6105b77ef..e20b9bdebe6bc5cb8b1e5fdbcda073ab01619696 100644
--- a/chart/templates/env-secret.yaml
+++ b/chart/templates/env-secret.yaml
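Review bot: The locals `$enabled` and `$artifacts` hold key presence from `hasKey`, not truthiness, so the outer `if and $enabled $artifacts` reads like the feature check while the real gate is the inner `if` on `.Values.networkPolicies.enabled .Values.bbtests.enabled .Values.bbtests.cypress.artifacts`; renaming them `$hasEnabled`/`$hasArtifacts`, or a comment above the first line such as `# outer guard only avoids nil-map lookups when bbtests or bbtests.cypress is unset`, would make the two-level guard self-explanatory. The selector `helm-test: enabled` assumes the test pods rendered by the gluon library carry that label; that is not visible in this diff, so it is worth confirming against the gluon 0.1.1 runner template and noting in a comment.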
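Review bot: The egress rule `- namespaceSelector: {}` in deny-default admits traffic to every pod in every namespace of the cluster, so what this policy actually denies is all ingress plus egress to non-pod destinations; the comment `# Deny external egress (outside cluster)` is accurate only in that narrow sense and the name `default-deny` overstates it. It also makes the egress half of allow-in-ns redundant, since same-namespace pods are already covered here. Rewording to `# Egress: any pod in the cluster (covers DNS and in-namespace services); no ipBlock, so nothing beyond the pod network` and noting in allow-in-ns that its egress rule is kept only for symmetry would stop a reader from assuming a stricter baseline than exists.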
@@ -40,10 +40,8 @@ stringData:
 MM_ELASTICSEARCHSETTINGS_PASSWORD: {{ .Values.elasticsearch.password }}
 {{- else }}
 {{ $secretname := printf "%s-es-elastic-user" ( .Values.elasticsearch.name | default "logging-ek" )}}
- SECRET_NAME: {{ $secretname }}
- NAMESPACE: {{ .Values.elasticsearch.namespace | default "logging" }}
 {{- with lookup "v1" "Secret" (.Values.elasticsearch.namespace | default "logging" ) $secretname }}
- MM_ELASTICSEARCHSETTINGS_PASSWORD: {{ .data.elastic | b64dec }}
- {{- end }}
- {{- end }}
+ MM_ELASTICSEARCHSETTINGS_PASSWORD: {{ .data.elastic | b64dec }}
+ {{- end }}
+ {{- end }}
 {{- end }}
diff --git a/chart/templates/tests/test-ui.yaml b/chart/templates/tests/test-ui.yaml
index 57f97717fa3416c85c53db25f8f04b7837fa6134..163bd16f97c275ce0d713081a0afdf6e07f0116d 100644
--- a/chart/templates/tests/test-ui.yaml
+++ b/chart/templates/tests/test-ui.yaml
@@ -1,11 +1,11 @@
-{{- include "bb-test-lib.cypress-configmap.overrides" (list . "mattermost-test.cypress-configmap") }}
+{{- include "gluon.tests.cypress-configmap.overrides" (list . "mattermost-test.cypress-configmap") }}
 {{- define "mattermost-test.cypress-configmap" }}
 metadata:
 labels:
 {{ include "mattermost.labels" . | nindent 4 }}
 {{- end }}
 ---
-{{- include "bb-test-lib.cypress-runner.overrides" (list . "mattermost-test.cypress-runner") -}}
+{{- include "gluon.tests.cypress-runner.overrides" (list . "mattermost-test.cypress-runner") -}}
 {{- define "mattermost-test.cypress-runner" -}}
 metadata:
 labels:
diff --git a/chart/values.yaml b/chart/values.yaml
index 81d548175b2e8b3b30089fa3b91a76268cf5dc91..e0d41c7fb57736e6b1fdcdbc94421a4a971dd7a9 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -13,6 +13,12 @@ istio: hosts: - chat.{{ .Values.hostname }} +networkPolicies: + enabled: false + ingressLabels: + app: istio-ingressgateway + istio: ingressgateway + # NOTE: Requires enterprise.enabled to have any effect monitoring: enabled: false
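Review bot: When `lookup` returns nothing — the Elasticsearch secret does not exist yet, or the chart is rendered with `helm template`/`--dry-run`, where lookup is always empty — the `with` block is skipped and `MM_ELASTICSEARCHSETTINGS_PASSWORD` is silently absent from the Secret; dropping the `SECRET_NAME`/`NAMESPACE` entries is an improvement, but nothing signals the missing password. A comment above the `with` line, `# lookup is empty under helm template/--dry-run and when the ES secret is absent; the password key is then omitted`, would warn the next reader, or an `{{- else }}` branch calling `fail` if the install should stop instead. The `{{ $secretname := ... }}` action keeps a non-trimming `{{ ` and so emits a blank line into stringData; `{{- $secretname := ... }}` would match the surrounding actions. The enclosing `if` chain begins before this hunk.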
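Review bot: The new `networkPolicies` block in values.yaml carries no comments, while the neighbouring `monitoring` key has a NOTE; `ingressLabels` is consumed as the `podSelector` for pods permitted to reach mattermost on port 8065 from the istio control-plane namespace, so a line such as `# Pod labels of the Istio ingress gateway allowed to reach mattermost on 8065 (see networkpolicies/allow-istio.yaml)` above `ingressLabels:` would help operators who need to change it. A short comment at `enabled:` stating that turning it on renders a default-deny policy plus the allow rules, and that external MinIO/Postgres then get broad egress, would also set expectations before anyone flips it in production.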
diff --git a/tests/test-values.yml b/tests/test-values.yml
index f180ba22f089d4c494ebb1c963a5f6c06f31f7ca..071bdd1bb6e03b91ae67af62c95a5cbf0ecc9388 100644
--- a/tests/test-values.yml
+++ b/tests/test-values.yml
@@ -5,6 +5,7 @@ postgresql: install: true bbtests: + enabled: true cypress: artifacts: true envs:
@@ -12,3 +13,6 @@ bbtests:
 cypress_mm_email: "test@bigbang.dev"
 cypress_mm_user: "bigbang"
 cypress_mm_password: "Bigbang#123"
+
+networkPolicies:
+ enabled: true