diff --git a/src/main/helm/templates/network_policy.yaml b/src/main/helm/templates/network_policy.yaml
index 28fab29f9e443b50b32b87d68c9ffdedc0220d4d..fdb87891fcdcf1cd531c4ce967b4cdb202f19bb1 100644
--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -58,6 +58,14 @@ spec:
           component: antragsraum-server
 {{- end }}
 
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: {{ (.Values.ozgcloud).zentralerEingang.namespace }}
+    ports:
+    - protocol: TCP
+      port: 9090 
+
 {{- with (.Values.networkPolicy).additionalIngressConfigLocal }}
 {{ toYaml . | indent 2 }}
 {{- end }}
diff --git a/src/main/helm/values.yaml b/src/main/helm/values.yaml
index 5182d0baab596a8abe3a67fcaa32c1f87e78b615..6a52c559f67052c64e943d0ea7b36149d36e88ce 100644
--- a/src/main/helm/values.yaml
+++ b/src/main/helm/values.yaml
@@ -62,3 +62,7 @@ zufiManager:
 
 elasticsearch:
     certificateSecretName: elasticsearch-certificate
+
+ozgcloud:
+  zentralerEingang:
+    namespace: zentraler-eingang
\ No newline at end of file
diff --git a/src/test/helm/network_policy_test.yaml b/src/test/helm/network_policy_test.yaml
index f63746306c5edeaa76f17028551c04243a137d31..1399b46b1cc3a67f209ddd7a1ec8795f65774c7d 100644
--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml
@@ -158,6 +158,41 @@ tests:
       - failedTemplate:
           errorMessage: ozgcloud.antragraum.namespace must be set if antragraum is enabled
 
+  - it: should add default ingress rule for zentraler-eingang
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
+    asserts:
+    - contains:
+        path: spec.ingress
+        content:
+          from:
+          - namespaceSelector:
+              matchLabels:
+                kubernetes.io/metadata.name: zentraler-eingang
+          ports:
+          - protocol: TCP
+            port: 9090 
+
+  - it: should add ingress rule for zentraler-eingang
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
+      ozgcloud:
+        zentralerEingang:
+          namespace: custom-namespace
+    asserts:
+    - contains:
+        path: spec.ingress
+        content:
+          from:
+          - namespaceSelector:
+              matchLabels:
+                kubernetes.io/metadata.name: custom-namespace
+          ports:
+          - protocol: TCP
+            port: 9090 
+
 
   - it: should add egress rule to elasticsearch
     set: