diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index a7da205..ccafdb6 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -38,6 +38,13 @@ app: {{ .Values.podLabel.app }} service: {{ .Values.podLabel.service }} {{- end }} +{{/* +DB labels +*/}} +{{- define "webapp-helm-chart.db.labels" }} +app: {{ .Values.postgresql.primary.podLabels.app }} +{{- end }} + {{/* Selector labels */}} diff --git a/templates/network_policy.yaml b/templates/network_policy.yaml new file mode 100644 index 0000000..c105d5e --- /dev/null +++ b/templates/network_policy.yaml @@ -0,0 +1,20 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ .Release.Name }}-network-policy + namespace: {{ .Values.namespace }} +spec: + podSelector: + matchLabels: {{ include "webapp-helm-chart.db.labels" . | indent 6 }} + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + name: {{ .Values.namespace }} + - podSelector: + matchLabels: {{ include "webapp-helm-chart.labels" . | indent 14 }} + ports: + - protocol: TCP + port: 5432 diff --git a/values.yaml b/values.yaml index f900e77..16aaa5b 100644 --- a/values.yaml +++ b/values.yaml @@ -97,3 +97,7 @@ postgresql: primary: persistence: size: 1Gi + labels: + app: webapp-db + podLabels: + app: webapp-db
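Review bot: In templates/_helpers.tpl the new `webapp-helm-chart.db.labels` helper renders `.Values.postgresql.primary.podLabels.app` unquoted and without a presence check, so an unset or empty override produces `app:` with a null value. This helper feeds the NetworkPolicy's `spec.podSelector`, so the rendered policy would most likely either be rejected or select no database pods, and port 5432 would then lack the intended restriction. I would fail the render instead: `app: {{ required "postgresql.primary.podLabels.app must be set" .Values.postgresql.primary.podLabels.app | quote }}`.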
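Review bot: In templates/network_policy.yaml the `from` list has two separate entries, `- namespaceSelector:` and `- podSelector:`, and Kubernetes ORs the entries of `from`. As written, every pod in any namespace labelled `name: <namespace>` can reach 5432, not only the webapp pods. If the intent is webapp pods in that namespace only, merge the two into one entry by changing `- podSelector:` to `podSelector:` aligned under `namespaceSelector:`. The `name` label is also not set on namespaces by default, so it must be applied by hand and can be added to other namespaces. Matching the API-server-managed label is more dependable: `kubernetes.io/metadata.name: {{ .Values.namespace | quote }}`.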
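Review bot: In values.yaml the new `postgresql.primary.podLabels.app` value is now security-relevant, because the NetworkPolicy's `podSelector` is built from it, but nothing in the file says so. If the subchart does not apply this label to the database pods, or someone later changes it, the policy silently selects nothing and the database is left unrestricted. I would add a comment above `podLabels:` such as `# Matched by templates/network_policy.yaml to select the DB pods; keep in sync with the labels the postgresql subchart actually applies.` It is also worth confirming with `helm template` that the rendered pods carry `app: webapp-db`.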