diff --git a/shared/networkpolicies/allow-to-database.yaml b/shared/networkpolicies/allow-to-database.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..5048be934e1cbbb23d0cbccbe53b2f3a97ecd356
--- /dev/null
+++ b/shared/networkpolicies/allow-to-database.yaml
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-to-database
+spec:
+  policyTypes:
+  - Ingress
+  ingress:
+  - to:
+    - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: nginx-system
+      podSelector:
+        matchLabels:
+          app.kubernetes.io/name: haproxy
+    ports:
+      - protocol: TCP
+        port: 80
+      - protocol: TCP
+        port: 443
+  - to:
+      podSelector:
+        matchLabels:
+          application: spilo
+  podSelector:
+    matchLabels:
+      application: spilo