diff --git a/resources/atlantis/host-manifests/add-ingress-whitelist.yaml b/resources/atlantis/host-manifests/add-ingress-whitelist.yaml
new file mode 100644
index 00000000..f21f7455
--- /dev/null
+++ b/resources/atlantis/host-manifests/add-ingress-whitelist.yaml
@@ -0,0 +1,21 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: add-ingress-whitelist
+spec:
+ background: true
+ generateExistingOnPolicyUpdate: true
+ rules:
+ - name: set-whitelist-internal
+ mutate:
+ patchStrategicMerge:
+ metadata:
+ annotations:
+ nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+ match:
+ resources:
+ kinds:
+ - Ingress
+ annotations:
+ atlantis.oceanbox.io/expose: internal
+ validationFailureAction: audit
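Review bot: The `set-whitelist-internal` rule is opt-in, so an Ingress that lacks the `atlantis.oceanbox.io/expose: internal` annotation (or misspells it) is admitted with no source-range restriction at all. The policy holds only a mutate rule, so `validationFailureAction: audit` has nothing to act on; a companion validate rule that requires the `atlantis.oceanbox.io/expose` annotation on every Ingress would close that gap and give the audit setting a purpose. `generateExistingOnPolicyUpdate: true` appears to apply to generate rules only, so Ingresses that already exist are probably not patched until they are next updated; this is worth confirming against the Kyverno version in use. The allowlist is also only as good as the client IP that ingress-nginx sees: if traffic is SNATed by a load balancer or node, every request can appear to come from inside `10.0.0.0/8`. I would also quote the range value, `nginx.ingress.kubernetes.io/whitelist-source-range: "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"`.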