diff --git a/src/main/helm/templates/_helpers.tpl b/src/main/helm/templates/_helpers.tpl
index b6728207b5b86dec00472dc1b8fdc2ef70741462..6effa40e9c88813be3b96611bee410a7f7480ad2 100644
--- a/src/main/helm/templates/_helpers.tpl
+++ b/src/main/helm/templates/_helpers.tpl
@@ -91,4 +91,21 @@ app.kubernetes.io/namespace: {{ include "app.namespace" . }}
 
 {{- define "app.serviceAccountName" -}}
 {{ printf "%s" ( (.Values.serviceAccount).name | default "vorgang-manager-service-account" ) }}
+{{- end -}}
+
+{{- define "app.getCustomList" -}}
+{{- with (.Values.env).customList -}}
+{{- if kindIs "map" . -}}
+{{ include "app.dictToList" . }}
+{{- else if kindIs "slice" . -}}
+{{ . | toYaml }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "app.dictToList" -}}
+{{- range $key, $value := . -}}
+- name: {{ $key }}
+  value: {{ $value }}
+{{- end -}}
 {{- end -}}
\ No newline at end of file
diff --git a/src/main/helm/templates/deployment.yaml b/src/main/helm/templates/deployment.yaml
index 99a2c2136ec44e69a9960a4883f0aa0604678aaa..0464a755bb25b31585354a835303c2d5430e0c76 100644
--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
@@ -137,8 +137,8 @@ spec:
           - name: spring_ssl_bundle_pem_es-root-ca_truststore_certificate
             value: "/bindings/ca-certificates/es-root-ca.pem"
           {{- end }}
-          {{- with (.Values.env).customList }}
-{{ toYaml . | indent 10 }}
+          {{- with include "app.getCustomList" . }}
+{{ . | indent 10 }}
           {{- end }}
           - name: grpc_client_user-manager_address
             value: {{ include "app.grpc_client_user-manager_address" . }}
diff --git a/src/main/helm/templates/network_policy.yaml b/src/main/helm/templates/network_policy.yaml
index 88ad059ed4898240276aa3f9a0dc05775705a87e..4e92477186bd11308c58de1cc1c5f05c3d6207f0 100644
--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -45,10 +45,10 @@ spec:
     - podSelector: 
         matchLabels:
           ozg-component: eingangsadapter
-{{- with (.Values.networkPolicy).additionalIngressConfig }}
+{{- with (.Values.networkPolicy).additionalIngressConfigLocal }}
 {{ toYaml . | indent 2 }}
 {{- end }}
-{{- with (.Values.networkPolicy).additionalIngressConfigNamespace }}
+{{- with (.Values.networkPolicy).additionalIngressConfigGlobal }}
 {{ toYaml . | indent 2 }}
 {{- end }}
   egress:
@@ -101,10 +101,10 @@ spec:
         protocol: UDP
       - port: 5353
         protocol: TCP
-{{- with (.Values.networkPolicy).additionalEgressConfig }}
+{{- with (.Values.networkPolicy).additionalEgressConfigLocal }}
 {{ toYaml . | indent 2 }}
 {{- end }}
-{{- with (.Values.networkPolicy).additionalEgressConfigNamespace }}
+{{- with (.Values.networkPolicy).additionalEgressConfigGlobal }}
 {{ toYaml . | indent 2 }}
 {{- end }}
 
diff --git a/src/test/helm/deployment_env_test.yaml b/src/test/helm/deployment_env_test.yaml
index f4306525a9696b7c8c57b8dfe940712c09ad516c..6ba187adc9668db175feadd3026645ff68817a1e 100644
--- a/src/test/helm/deployment_env_test.yaml
+++ b/src/test/helm/deployment_env_test.yaml
@@ -30,7 +30,7 @@ set:
     environment: dev
   imagePullSecret: test-image-pull-secret
 tests:
-  - it: check customList
+  - it: check customList as list
     set:
       env.customList:
         - name: my_test_environment_name
@@ -41,6 +41,16 @@ tests:
           content:
             name: my_test_environment_name
             value: "A test value"
+  - it: check customList as dict
+    set:
+      env.customList:
+        my_test_environment_name: "A test value"
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: my_test_environment_name
+            value: "A test value"
 
   - it: check customList test value is not set by default
     asserts:
diff --git a/src/test/helm/network_policy_test.yaml b/src/test/helm/network_policy_test.yaml
index ac7df6574a59eae14b64a88872f8f37a182dfa89..21ac219c19905e33604d003d0c5f7ba32da173ef 100644
--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml
@@ -234,12 +234,12 @@ tests:
       - failedTemplate:
           errorMessage: ozgcloud.bayernid.proxy.namespace must be set if bayernid is enabled
 
-  - it: add ingress rule by values
+  - it: add ingress rule local by values
     set:
       networkPolicy:
         ssoPublicIp: 51.89.117.53/32
         dnsServerNamespace: test-namespace-dns
-        additionalIngressConfig:
+        additionalIngressConfigGlobal:
         - from:
           - podSelector: 
               matchLabels:
@@ -252,16 +252,16 @@ tests:
             - podSelector: 
                 matchLabels:
                   component: client2
-
-  - it: should add additionalIngressConfig
+  - it: add ingress rule global by values
     set:
       networkPolicy:
+        ssoPublicIp: 51.89.117.53/32
         dnsServerNamespace: test-namespace-dns
-        additionalIngressConfig:
+        additionalIngressConfigLocal:
         - from:
           - podSelector: 
               matchLabels:
-                additionalIngressConfig: yes
+                component: client2
     asserts:
       - contains:
           path: spec.ingress
@@ -269,54 +269,53 @@ tests:
             from:
             - podSelector: 
                 matchLabels:
-                  additionalIngressConfig: yes
+                  component: client2
 
-  - it: should add additionalEgressConfig
+  - it: add egress rules local by values
     set:
       networkPolicy:
-        dnsServerNamespace: test-namespace-dns
-        additionalEgressConfig:
+        additionalEgressConfigGlobal:
+        - to:
+          - ipBlock:
+              cidr: 1.2.3.4/32
         - to:
           - podSelector:
               matchLabels:
-                additionalEgressConfig: yes
+                component: ozg-testservice
+          ports:
+            - port: 12345
+              protocol: TCP
+
+        dnsServerNamespace: test-dns-namespace
     asserts:
+    - contains:
+        path: spec.egress
+        content:
+          to:
+          - ipBlock:
+              cidr: 1.2.3.4/32
     - contains:
         path: spec.egress
         content:
           to:
           - podSelector:
               matchLabels:
-                additionalEgressConfig: yes
-
-
-  - it: should add additionalIngressConfigNamespace
-    set:
-      networkPolicy:
-        dnsServerNamespace: test-namespace-dns
-        additionalIngressConfigNamespace:
-        - from:
-          - podSelector: 
-              matchLabels:
-                additionalIngressConfigNamespace: yes
-    asserts:
-      - contains:
-          path: spec.ingress
-          content:
-            from:
-            - podSelector: 
-                matchLabels:
-                  additionalIngressConfigNamespace: yes
-
-  - it: should add additionalEgressConfigNamespace
+                component: ozg-testservice
+          ports:
+            - port: 12345
+              protocol: TCP
+  - it: add egress rules global by values
     set:
       networkPolicy:
         dnsServerNamespace: test-dns-namespace
-        additionalEgressConfigNamespace:
+        additionalEgressConfigLocal:
+        - to:
+          - ipBlock:
+              cidr: 1.2.3.4/32
         - to:
           - podSelector:
               matchLabels:
-                additionalEgressConfigNamespace: yes
+                additionalEgressConfigLocal: yes
     asserts:
     - contains:
         path: spec.egress
@@ -324,7 +323,7 @@ tests:
           to:
           - podSelector:
               matchLabels:
-                additionalEgressConfigNamespace: yes
+                additionalEgressConfigLocal: yes
 
   - it: test network policy disabled
     set: