diff --git a/tools/deployment/developer/ceph/110-ceph-radosgateway.sh b/tools/deployment/developer/ceph/110-ceph-radosgateway.sh
index 3616a7f8c4..33bb55bae4 100755
--- a/tools/deployment/developer/ceph/110-ceph-radosgateway.sh
+++ b/tools/deployment/developer/ceph/110-ceph-radosgateway.sh
@@ -44,6 +44,33 @@ conf:
 pod:
   replicas:
     rgw: 1
+network_policy:
+  ceph:
+    ingress:
+      - from:
+        - podSelector:
+            matchLabels:
+              application: glance
+        - podSelector:
+            matchLabels:
+              application: cinder
+        - podSelector:
+            matchLabels:
+              application: libvirt
+        - podSelector:
+            matchLabels:
+              application: nova
+        - podSelector:
+            matchLabels:
+              application: ceph
+        - podSelector:
+            matchLabels:
+              application: ingress
+        ports:
+        - protocol: TCP
+          port: 8088
+manifests:
+  network_policy: true
 EOF
 helm upgrade --install radosgw-openstack ${OSH_INFRA_PATH}/ceph-rgw \
   --namespace=openstack \
diff --git a/tools/deployment/developer/common/030-ingress.sh b/tools/deployment/developer/common/030-ingress.sh
index edd1a30376..dc09a38e62 100755
--- a/tools/deployment/developer/common/030-ingress.sh
+++ b/tools/deployment/developer/common/030-ingress.sh
@@ -27,6 +27,9 @@ network_policy:
   ingress:
     ingress:
       - from:
+        - podSelector:
+            matchLabels:
+              application: ceph
         - podSelector:
             matchLabels:
               application: keystone
diff --git a/tools/deployment/multinode/090-ceph-radosgateway.sh b/tools/deployment/multinode/090-ceph-radosgateway.sh
index 58d994f60f..8e7658198b 100755
--- a/tools/deployment/multinode/090-ceph-radosgateway.sh
+++ b/tools/deployment/multinode/090-ceph-radosgateway.sh
@@ -38,11 +38,39 @@ bootstrap:
 conf:
   rgw_ks:
     enabled: true
+network_policy:
+  ceph:
+    ingress:
+      - from:
+        - podSelector:
+            matchLabels:
+              application: glance
+        - podSelector:
+            matchLabels:
+              application: cinder
+        - podSelector:
+            matchLabels:
+              application: libvirt
+        - podSelector:
+            matchLabels:
+              application: nova
+        - podSelector:
+            matchLabels:
+              application: ceph
+        - podSelector:
+            matchLabels:
+              application: ingress
+        ports:
+        - protocol: TCP
+          port: 8088
+manifests:
+  network_policy: true
 EOF
 
 : ${OSH_INFRA_PATH:="../openstack-helm-infra"}
 helm upgrade --install radosgw-openstack ${OSH_INFRA_PATH}/ceph-rgw \
   --namespace=openstack \
+  --set manifests.network_policy=true \
   --values=/tmp/radosgw-openstack.yaml \
   ${OSH_EXTRA_HELM_ARGS} \
   ${OSH_EXTRA_HELM_ARGS_HEAT}