diff --git a/templates/NetworkPolicy.yaml b/templates/NetworkPolicy.yaml
index 125838d..2bcf6d6 100644
--- a/templates/NetworkPolicy.yaml
+++ b/templates/NetworkPolicy.yaml
@@ -31,18 +31,46 @@ spec:
     matchLabels:
       cnpg.io/cluster: memelord-raiko-database
   policyTypes:
-  - Ingress
+    - Ingress
   ingress:
-  - from:
-    - podSelector:
-        matchLabels:
-           app: memelord
-    - podSelector: # Primary-secondary replication!
-        matchLabels:
-          cnpg.io/cluster: memelord-raiko-database
-    ports:
-    - protocol: TCP
-      port: 5432
+    # App -> Postgres SQL
+    - from:
+        - podSelector:
+            matchLabels:
+              app: memelord
+      ports:
+        - protocol: TCP
+          port: 5432
+
+    # Primary-secondary replication (jääb alles)
+    - from:
+        - podSelector:
+            matchLabels:
+              cnpg.io/cluster: memelord-raiko-database
+      ports:
+        - protocol: TCP
+          port: 5432
+
+    # CNPG operator/controller -> Postgres management/health (sinu log näitas port 8000)
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: cnpg-system
+      ports:
+        - protocol: TCP
+          port: 8000
+
+    # Prometheus -> Postgres (vali õige port vastavalt exporterile/metricsile)
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: monitoring
+      ports:
+        - protocol: TCP
+          port: 5432
+        # - protocol: TCP
+        #   port: 9187
+
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
@@ -63,3 +91,4 @@ spec:
     ports:
     - protocol: TCP
       port: 8000
+