diff --git a/google/resource_container_cluster.go b/google/resource_container_cluster.go
index d9b21af3cde..c8849838278 100644
--- a/google/resource_container_cluster.go
+++ b/google/resource_container_cluster.go
@@ -128,6 +128,22 @@ func resourceContainerCluster() *schema.Resource {
 								},
 							},
 						},
+						"network_policy": {
+							Type:     schema.TypeList,
+							Optional: true,
+							ForceNew: true,
+							MaxItems: 1,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"disabled": {
+										Type:     schema.TypeBool,
+										Default:  true,
+										Optional: true,
+										ForceNew: true,
+									},
+								},
+							},
+						},
 					},
 				},
 			},
@@ -863,6 +879,14 @@ func expandClusterAddonsConfig(configured interface{}) *container.AddonsConfig {
 			ForceSendFields: []string{"Disabled"},
 		}
 	}
+
+	if v, ok := config["network_policy"]; ok && len(v.([]interface{})) > 0 {
+		addon := v.([]interface{})[0].(map[string]interface{})
+		ac.NetworkPolicyConfig = &container.NetworkPolicyConfig{
+			Disabled:        addon["disabled"].(bool),
+			ForceSendFields: []string{"Disabled"},
+		}
+	}
 	return ac
 }
 
diff --git a/google/resource_container_cluster_test.go b/google/resource_container_cluster_test.go
index fc6a4f99b97..a2d212d88f8 100644
--- a/google/resource_container_cluster_test.go
+++ b/google/resource_container_cluster_test.go
@@ -706,9 +706,14 @@ func testAccCheckContainerCluster(n string) resource.TestCheckFunc {
 		if cluster.AddonsConfig != nil && cluster.AddonsConfig.KubernetesDashboard != nil {
 			kubernetesDashboardDisabled = cluster.AddonsConfig.KubernetesDashboard.Disabled
 		}
+		networkPolicyDisabled := false
+		if cluster.AddonsConfig != nil && cluster.AddonsConfig.NetworkPolicyConfig != nil {
+			networkPolicyDisabled = cluster.AddonsConfig.NetworkPolicyConfig.Disabled
+		}
 		clusterTests = append(clusterTests, clusterTestField{"addons_config.0.http_load_balancing.0.disabled", httpLoadBalancingDisabled})
 		clusterTests = append(clusterTests, clusterTestField{"addons_config.0.horizontal_pod_autoscaling.0.disabled", horizontalPodAutoscalingDisabled})
 		clusterTests = append(clusterTests, clusterTestField{"addons_config.0.kubernetes_dashboard.0.disabled", kubernetesDashboardDisabled})
+		clusterTests = append(clusterTests, clusterTestField{"addons_config.0.network_policy.0.disabled", networkPolicyDisabled})
 
 		for i, np := range cluster.NodePools {
 			prefix := fmt.Sprintf("node_pool.%d.", i)
@@ -915,6 +920,7 @@ resource "google_container_cluster" "primary" {
 	addons_config {
 		http_load_balancing { disabled = true }
 		kubernetes_dashboard { disabled = true }
+		network_policy { disabled = true }
 	}
 }`, clusterName)
 }
@@ -930,6 +936,7 @@ resource "google_container_cluster" "primary" {
 		http_load_balancing { disabled = false }
 		kubernetes_dashboard { disabled = true }
 		horizontal_pod_autoscaling { disabled = true }
+		network_policy { disabled = false }
 	}
 }`, clusterName)
 }
diff --git a/website/docs/r/container_cluster.html.markdown b/website/docs/r/container_cluster.html.markdown
index b002a183f3a..6ce3e239b89 100644
--- a/website/docs/r/container_cluster.html.markdown
+++ b/website/docs/r/container_cluster.html.markdown
@@ -154,6 +154,9 @@ The `addons_config` block supports:
     add-on, which controls whether the Kubernetes Dashboard is enabled for this cluster.
     It is enabled by default; set `disabled = true` to disable.
 
+* `network_policy` - (Optional) The status of the Network Policy
+    add-on. It is disable by default; set `disabled = false` to enable.
+
 This example `addons_config` disables two addons:
 
 ```