diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1e04781a55dfa37cb572f7e2c3230b0bed9570ef..618a676e6aa26d1070cca68f286ccab83b31a950 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog
 
+## [29.1.0-bb.4]
+### Changed
+- kube-api network policy toggle
+- istio network policy stricter podSelector values
+
 ## [29.1.0-bb.3] - 2021-06-08
 ### Modified
 - Modified CI tests to use new library and infrastructure
@@ -8,7 +13,7 @@
 - Network policy for helm-tests to save artifacts
 
 ## [29.1.0-bb.2]
-# Added
-* default-deny-all network policy
-* istio network policy
-* monitoring network policy
+### Added
+- default-deny-all network policy
+- istio network policy
+- monitoring network policy
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index ed5e087e91eacfce4a24e0dd9799ff57f483bffe..9e9aac2264366f95eadb5a8c3a06e170137be71c 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: nexus-repository-manager
-version: 29.1.0-bb.3
+version: 29.1.0-bb.4
 appVersion: 3.29.0
 description: Sonatype Nexus Repository Manager - Universal Binary repository
 type: application
diff --git a/chart/templates/bigbang/networkpolicies/istio.yaml b/chart/templates/bigbang/networkpolicies/istio.yaml
index 5c6c341c00efc435750f7383c8ec1b38424ba735..bf47c593a5da7c6f7229bae64486a62fc72029a1 100644
--- a/chart/templates/bigbang/networkpolicies/istio.yaml
+++ b/chart/templates/bigbang/networkpolicies/istio.yaml
@@ -1,11 +1,13 @@
-{{ if .Values.networkPolicies.enabled }}
+{{ if and .Values.networkPolicies.enabled .Values.istio.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
-  name: allow-to-istio-ingressgateway
+  name: allow-from-istio-ingressgateway
   namespace: {{ .Release.Namespace }}
 spec:
-  podSelector: {}
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: nexus-repository-manager
   policyTypes:
     - Ingress
   ingress:
diff --git a/chart/templates/bigbang/networkpolicies/kube-api-egress.yaml b/chart/templates/bigbang/networkpolicies/kube-api-egress.yaml
index 708f312b69cce3a92614a3a45b69ef83eb6c4fd4..04ed264835576fd8d36d2966e80bf2b42ce3317c 100644
--- a/chart/templates/bigbang/networkpolicies/kube-api-egress.yaml
+++ b/chart/templates/bigbang/networkpolicies/kube-api-egress.yaml
@@ -1,3 +1,4 @@
+{{ if .Values.networkPolicies.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
@@ -16,4 +17,5 @@ spec:
     matchLabels:
       app.kubernetes.io/name: nexus-repository-manager
   policyTypes:
-  - Egress
\ No newline at end of file
+  - Egress
+{{- end }}