diff --git a/inventory/sample/group_vars/k8s-cluster/addons.yml b/inventory/sample/group_vars/k8s-cluster/addons.yml
index ef9eff9e754d284d30007e7f21c1d09ef0f8464e..97390f3b18be32884b81c2e4bfc3a6a8158b44d0 100644
--- a/inventory/sample/group_vars/k8s-cluster/addons.yml
+++ b/inventory/sample/group_vars/k8s-cluster/addons.yml
@@ -98,6 +98,8 @@ ingress_publish_status_address: ""
# 9000: "default/example-go:8080"
# ingress_nginx_configmap_udp_services:
# 53: "kube-system/coredns:53"
+# ingress_nginx_extra_args:
+# - --default-ssl-certificate=default/foo-tls
# Cert manager deployment
cert_manager_enabled: false
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml b/roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml
index 57bd4830c9989410c46baf53ffeac83d9fa98203..98cfbfba41714d09525d1691b384eccef65f2e8c 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml
@@ -10,3 +10,4 @@ ingress_nginx_secure_port: 443
ingress_nginx_configmap: {}
ingress_nginx_configmap_tcp_services: {}
ingress_nginx_configmap_udp_services: {}
+ingress_nginx_extra_args: []
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
index 6f94680a6a5e255e102987966cd9a050748fec61..0407523f13413b6bff88adc878c79df41423dba9 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
@@ -51,6 +51,9 @@ spec:
{% if ingress_publish_status_address != "" %}
- --publish-status-address={{ ingress_publish_status_address }}
{% endif %}
+{% for extra_arg in ingress_nginx_extra_args %}
+ - {{ extra_arg }}
+{% endfor %}
securityContext:
capabilities:
drop: