diff --git a/CHANGELOG.md b/CHANGELOG.md
index 056be87..9b461dc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 Improvements:
 * Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
 * Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
 
 Bugs:
 * Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
diff --git a/templates/server-ingress.yaml b/templates/server-ingress.yaml
index cc4f66d..b814a6a 100644
--- a/templates/server-ingress.yaml
+++ b/templates/server-ingress.yaml
@@ -39,6 +39,9 @@ spec:
       {{- end }}
       secretName: {{ .secretName }}
   {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+  ingressClassName: {{ .Values.server.ingress.ingressClassName }}
 {{- end }}
   rules:
   {{- range .Values.server.ingress.hosts }}
diff --git a/test/unit/server-ingress.bats b/test/unit/server-ingress.bats
index 46794a4..56a3f92 100755
--- a/test/unit/server-ingress.bats
+++ b/test/unit/server-ingress.bats
@@ -131,6 +131,29 @@ load _helpers
   [ "${actual}" = "nginx" ]
 }
 
+@test "server/ingress: ingressClassName added to object spec - string" {
+  cd `chart_dir`
+
+  local actual=$(helm template \
+      --show-only templates/server-ingress.yaml \
+      --set 'server.ingress.enabled=true' \
+      --set server.ingress.ingressClassName=nginx \
+      . | tee /dev/stderr |
+      yq -r '.spec.ingressClassName' | tee /dev/stderr)
+  [ "${actual}" = "nginx" ]
+}
+
+@test "server/ingress: ingressClassName is not added by default" {
+  cd `chart_dir`
+
+  local actual=$(helm template \
+      --show-only templates/server-ingress.yaml \
+      --set 'server.ingress.enabled=true' \
+      . | tee /dev/stderr |
+      yq -r '.spec.ingressClassName' | tee /dev/stderr)
+  [ "${actual}" = "null" ]
+}
+
 @test "server/ingress: uses active service when ha by default - yaml" {
   cd `chart_dir`
 
diff --git a/values.schema.json b/values.schema.json
index 4c0a004..4ddbedf 100644
--- a/values.schema.json
+++ b/values.schema.json
@@ -608,6 +608,9 @@
                                 }
                             }
                         },
+                        "ingressClassName": {
+                            "type": "string"
+                        },
                         "labels": {
                             "type": "object"
                         },
diff --git a/values.yaml b/values.yaml
index 48b413a..735f153 100644
--- a/values.yaml
+++ b/values.yaml
@@ -271,6 +271,10 @@ server:
       # kubernetes.io/ingress.class: nginx
       # kubernetes.io/tls-acme: "true"
 
+    # Optionally use ingressClassName instead of deprecated annotation.
+    # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+    ingressClassName: ""
+
     # When HA mode is enabled and K8s service registration is being used,
     # configure the ingress to point to the Vault active service.
     activeService: true