diff --git a/charts/opa/README.md b/charts/opa/README.md
index 8ca463550..5339c25c5 100644
--- a/charts/opa/README.md
+++ b/charts/opa/README.md
@@ -76,6 +76,7 @@ Reference](https://www.openpolicyagent.org/docs/configuration.html).
 | `podDisruptionBudget.minAvailable` | Sets the minimum number of pods to be available. Cannot be set at the same time as maxUnavailable. | `1` |
 | `podDisruptionBudget.maxUnavailable` | Sets the maximum number of pods to be unavailable. Cannot be set at the same time as minAvailable. | Unset |
 | `hostNetwork.enabled` | Use hostNetwork setting on OPA pod | `false` |
+| `dnsPolicyOverride` | DNS policy to use on OPA pod | `` |
 | `image.repository` | OPA image to deploy. | `openpolicyagent/opa` |
 | `image.tag` | OPA image tag to deploy. | See [values.yaml](values.yaml) |
 | `port` | Port in the pod to which OPA will bind itself. | `443` |
diff --git a/charts/opa/templates/_helpers.tpl b/charts/opa/templates/_helpers.tpl
index 40d5db24e..abd8dcf4a 100644
--- a/charts/opa/templates/_helpers.tpl
+++ b/charts/opa/templates/_helpers.tpl
@@ -107,3 +107,11 @@ admissionregistration.k8s.io/v1beta1
 {{- $tag := .Values.mgmt.image.tag | default .Chart.AppVersion -}}
 {{ printf "%s:%s" .Values.mgmt.image.repository $tag }}
 {{- end -}}
+
+{{- define "opa.dnsPolicy" -}}
+{{- if .Values.dnsPolicyOverride -}}
+dnsPolicy: "{{ .Values.dnsPolicyOverride }}"
+{{ else if .Values.hostNetwork.enabled -}}
+dnsPolicy: "ClusterFirstWithHostNet"
+{{ end -}}
+{{ end -}}
diff --git a/charts/opa/templates/deployment.yaml b/charts/opa/templates/deployment.yaml
index 687f8f31f..27c0fe103 100644
--- a/charts/opa/templates/deployment.yaml
+++ b/charts/opa/templates/deployment.yaml
@@ -81,6 +81,7 @@ spec:
 {{- if .Values.hostNetwork.enabled }}
 hostNetwork: true
 {{- end }}
+{{- include "opa.dnsPolicy" . | nindent 6 -}}
 containers:
 - name: opa
 ports:
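Review bot: In the new `opa.dnsPolicy` helper, `dnsPolicyOverride` is placed between literal quotes with no escaping or validation, so a value containing a quote or newline renders malformed or unintended YAML in the pod spec, and a typo is only rejected by the API server at install time. Prefer `dnsPolicy: {{ .Values.dnsPolicyOverride | quote }}` and consider failing the render unless the value is one of `ClusterFirst`, `ClusterFirstWithHostNet`, `Default` or `None`. The override also takes precedence over the hostNetwork branch, so with `hostNetwork.enabled: true` and an override of `ClusterFirst` the pod falls back to the node's resolver instead of cluster DNS, and `None` needs a `dnsConfig` that this diff does not add. A template comment above the `define` stating that precedence would spare operators from discovering it through failed lookups.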
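Review bot: The added `include "opa.dnsPolicy" . | nindent 6 -}}` line in deployment.yaml only renders correctly because the helper's non-empty output ends in a newline; the right-trim removes the template's own line break before `containers:`, and the indent that `nindent` appends after that trailing newline is what positions the key. If the helper is later tightened to trim its trailing newline, `containers:` would be glued onto the `dnsPolicy` line. A comment above the include such as `{{- /* opa.dnsPolicy renders a complete "dnsPolicy: ..." line ending in a newline, or nothing */}}` would record that contract. The original indentation is not visible in this view and the pod spec starts and ends outside the hunk, so the exact column should be confirmed with `helm template`.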