Currently, when adding a listener to discovery.listeners, a corresponding egress networkpolicy needs to be added as well (to allow traffic to the listener).
We should add some helm code to automatically include the needed egress rules for enabled listeners, so no extra configuration (and no specific knowledge of IPs and ports) is needed.
See https://gerrit.wikimedia.org/r/c/operations/deployment-charts/+/630769 for an example.