diff --git a/roles/kubernetes-apps/registry/defaults/main.yml b/roles/kubernetes-apps/registry/defaults/main.yml
index ef9e2fb9135bd03f21d2c06352b3c98abb42bedd..6353b7c94ee12a897ee5cf4f814adf686a285b67 100644
--- a/roles/kubernetes-apps/registry/defaults/main.yml
+++ b/roles/kubernetes-apps/registry/defaults/main.yml
@@ -41,3 +41,8 @@ registry_config:
       enabled: true
       interval: 10s
       threshold: 3
+
+registry_ingress_annotations: {}
+registry_ingress_host: ""
+# name of kubernetes secret for registry ingress TLS certs
+registry_ingress_tls_secret: ""
diff --git a/roles/kubernetes-apps/registry/tasks/main.yml b/roles/kubernetes-apps/registry/tasks/main.yml
index de462771d3a60ae4fbbf0e866312bb70adfb7ad4..3a5d68d709057fc271254a73fc3abbbaa57fb705 100644
--- a/roles/kubernetes-apps/registry/tasks/main.yml
+++ b/roles/kubernetes-apps/registry/tasks/main.yml
@@ -59,6 +59,13 @@
     - podsecuritypolicy_enabled
     - registry_namespace != "kube-system"
 
+- name: Registry | Append nginx ingress templates to Registry Templates list when ingress enabled
+  set_fact:
+    registry_templates: "{{ registry_templates + [item] }}"
+  with_items:
+    - [{ name: registry-ing, file: registry-ing.yml, type: ing }]
+  when: ingress_nginx_enabled == true or ingress_alb_enabled == true
+
 - name: Registry | Create manifests
   template:
     src: "{{ item.file }}.j2"
diff --git a/roles/kubernetes-apps/registry/templates/registry-ing.yml.j2 b/roles/kubernetes-apps/registry/templates/registry-ing.yml.j2
new file mode 100644
index 0000000000000000000000000000000000000000..29dfbba59c860c04b4924c1c0db59270355f5b29
--- /dev/null
+++ b/roles/kubernetes-apps/registry/templates/registry-ing.yml.j2
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: registry
+  namespace: {{ registry_namespace }}
+{% if registry_ingress_annotations %}
+  annotations:
+    {{ registry_ingress_annotations | to_nice_yaml(indent=2, width=1337) | indent(width=4) }}
+{% endif %}
+spec:
+{% if registry_ingress_tls_secret %}
+  tls:
+  - hosts:
+      - {{ registry_ingress_host }}
+    secretName: {{ registry_ingress_tls_secret }}
+{% endif %}
+  rules:
+  - host: {{ registry_ingress_host }}
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: registry
+            port:
+              number: {{ registry_port }}