diff --git a/apps/base/goharbor/kustomization.yaml b/apps/base/goharbor/kustomization.yaml
index a5b163971f334542867e1775bd03d91ba3d24fce..bc535bd42780c60d5d2f6028293b486aa40506d6 100644
--- a/apps/base/goharbor/kustomization.yaml
+++ b/apps/base/goharbor/kustomization.yaml
@@ -5,3 +5,4 @@ resources:
   - namespace.yaml
   - repository.yaml
   - release.yaml
+  - networkpolicy.yaml
diff --git a/apps/base/goharbor/networkpolicy.yaml b/apps/base/goharbor/networkpolicy.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..80ce4e2943a622dad1a8cff034081621f6a89cd1
--- /dev/null
+++ b/apps/base/goharbor/networkpolicy.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-ingress
+spec:
+  podSelector:
+    matchLabels:
+      app: harbor
+  ingress:
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          ingress.shivering-isles.com/network-access-required: "true"