diff --git a/pcm-kubernetes.yaml.experimental b/pcm-kubernetes.yaml.experimental
index 4ce9f631..8d0c31e4 100644
--- a/pcm-kubernetes.yaml.experimental
+++ b/pcm-kubernetes.yaml.experimental
@@ -50,7 +50,7 @@ spec:
           failureThreshold: 3
           httpGet:
             path: /
-            port: 9738
+            port: pcm-metrics
             scheme: HTTP
           periodSeconds: 10
           successThreshold: 1
@@ -65,7 +65,7 @@ spec:
           failureThreshold: 3
           httpGet:
             path: /
-            port: 9738
+            port: pcm-metrics
             scheme: HTTP
           periodSeconds: 10
           successThreshold: 1
@@ -123,6 +123,26 @@ spec:
           path: /proc/sys/kernel/nmi_watchdog
         name: nmi-watchdog
 ---
+# This networkPolicy lets anyone query the prometheus-metrics
+# PCM shouldn't have any outbound network trafic
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: intel-pcm-sensor-server
+  namespace: intel-pcm
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/component: pcm-sensor-server
+  policyTypes:
+    - Ingress
+    - Egress
+  ingress:
+    - ports:
+        - protocol: TCP
+          port: pcm-metrics
+  egress: []
+---
 # prometheus operator defines this CRD
 apiVersion: monitoring.coreos.com/v1
 kind: PodMonitor