diff --git a/jupyterhub/templates/hub/netpol.yaml b/jupyterhub/templates/hub/netpol.yaml
index bb4e419903..5d054d8507 100644
--- a/jupyterhub/templates/hub/netpol.yaml
+++ b/jupyterhub/templates/hub/netpol.yaml
@@ -18,7 +18,9 @@ spec:
     - ports:
         - port: http
       from:
-        - podSelector:
+        - namespaceSelector:
+            matchLabels: {} # allow the label below to be set on a pod in any namespace
+          podSelector:
             matchLabels:
               hub.jupyter.org/network-access-hub: "true"
 
diff --git a/jupyterhub/templates/proxy/netpol.yaml b/jupyterhub/templates/proxy/netpol.yaml
index 855d0cc89e..0a53ec5e4e 100644
--- a/jupyterhub/templates/proxy/netpol.yaml
+++ b/jupyterhub/templates/proxy/netpol.yaml
@@ -25,7 +25,9 @@ spec:
         - port: https
         {{- end }}
       from:
-        - podSelector:
+        - namespaceSelector:
+            matchLabels: {} # allow the label below to be set on a pod in any namespace
+          podSelector:
             matchLabels:
               hub.jupyter.org/network-access-proxy-http: "true"
 
@@ -33,7 +35,9 @@ spec:
     - ports:
         - port: api
       from:
-        - podSelector:
+        - namespaceSelector:
+            matchLabels: {} # allow the label below to be set on a pod in any namespace
+          podSelector:
             matchLabels:
               hub.jupyter.org/network-access-proxy-api: "true"
 
diff --git a/jupyterhub/templates/singleuser/netpol.yaml b/jupyterhub/templates/singleuser/netpol.yaml
index f106aa5919..67179bbe28 100644
--- a/jupyterhub/templates/singleuser/netpol.yaml
+++ b/jupyterhub/templates/singleuser/netpol.yaml
@@ -19,7 +19,9 @@ spec:
     - ports:
         - port: notebook-port
       from:
-        - podSelector:
+        - namespaceSelector:
+            matchLabels: {} # allow the label below to be set on a pod in any namespace
+          podSelector:
             matchLabels:
               hub.jupyter.org/network-access-singleuser: "true"