From 2900a1b4aba4ebcd7b5cc42b2739351450f33b17 Mon Sep 17 00:00:00 2001
From: Jonas Juselius
Date: Tue, 13 Feb 2024 11:53:00 +0100
Subject: [PATCH] feat: add cpol to configure ingress whitelisting
---
.../host-manifests/add-ingress-whitelist.yaml | 21 +++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 resources/atlantis/host-manifests/add-ingress-whitelist.yaml
diff --git a/resources/atlantis/host-manifests/add-ingress-whitelist.yaml b/resources/atlantis/host-manifests/add-ingress-whitelist.yaml
new file mode 100644
index 00000000..f21f7455
--- /dev/null
+++ b/resources/atlantis/host-manifests/add-ingress-whitelist.yaml
@@ -0,0 +1,21 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: add-ingress-whitelist
+spec:
+ background: true
+ generateExistingOnPolicyUpdate: true
+ rules:
+ - name: set-whitelist-internal
+ mutate:
+ patchStrategicMerge:
+ metadata:
+ annotations:
+ nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+ match:
+ resources:
+ kinds:
+ - Ingress
+ annotations:
+ atlantis.oceanbox.io/expose: internal
+ validationFailureAction: audit
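Review bot: The `set-whitelist-internal` rule is a mutate rule, but as far as Kyverno documents them `generateExistingOnPolicyUpdate: true` only drives generate rules and `background: true` governs background scans of validate rules, so Ingresses that already carry `atlantis.oceanbox.io/expose: internal` would keep whatever source range they had until they are next created or updated. If existing objects must be covered, the policy needs `mutateExistingOnPolicyUpdate: true` together with a `mutate.targets` entry for Ingress; otherwise drop the two flags and the trailing `validationFailureAction: audit`, which does nothing for a mutate-only policy. The restriction is also opt-in: an Ingress without the annotation is left unrestricted, so a comment stating that default (or a companion validate rule) would make the fail-open behaviour explicit. Finally, `whitelist-source-range` is checked against the client address ingress-nginx sees, so it is worth confirming that the load balancer in front preserves source IPs, since a SNATed address inside `10.0.0.0/8` would pass for every client; quoting the value as `'10.0.0.0/8,172.16.0.0/12,192.168.0.0/16'` keeps it an unambiguous string.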