diff --git a/templates/server-ingress.yaml b/templates/server-ingress.yaml
new file mode 100644
index 0000000..1796f03
--- /dev/null
+++ b/templates/server-ingress.yaml
@@ -0,0 +1,41 @@
+{{- if .Values.server.ingress.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- $servicePort := .Values.server.service.port -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ . }}
+ backend:
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/test/unit/server-ingress.bats b/test/unit/server-ingress.bats
new file mode 100644
index 0000000..26594c6
--- /dev/null
+++ b/test/unit/server-ingress.bats
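Review bot: `secretName: {{ .secretName }}` in the tls block and `- path: {{ . }}` in the rules block of templates/server-ingress.yaml are rendered unquoted, while the host values next to them go through `quote`. An empty or number/boolean-looking value from values.yaml would be retyped or become null once the rendered text is parsed as YAML, so I would write `secretName: {{ .secretName | quote }}` and `- path: {{ . | quote }}`. A host entry with an empty `paths` list also renders a bare `paths:` key, which is what the default `paths: []` in values.yaml yields once ingress is enabled; a `fail` guard on empty `paths`, or skipping hosts that have none, would make that case explicit.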
@@ -0,0 +1,47 @@
+#!/usr/bin/env bats
+
+load _helpers
+
+@test "server/ingress: disabled by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ -x templates/server-ingress.yaml \
+ . | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+}
+
+@test "server/ingress: checking host entry gets added and path is /" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ -x templates/server-ingress.yaml \
+ --set 'server.ingress.enabled=true' \
+ --set 'server.ingress.hosts[0].host=test.com' \
+ --set 'server.ingress.hosts[0].paths[0]=/' \
+ . | tee /dev/stderr |
+ yq -r '.spec.rules[0].host' | tee /dev/stderr)
+ [ "${actual}" = 'test.com' ]
+
+ local actual=$(helm template \
+ -x templates/server-ingress.yaml \
+ --set 'server.ingress.enabled=true' \
+ --set 'server.ingress.hosts[0].host=test.com' \
+ --set 'server.ingress.hosts[0].paths[0]=/' \
+ . | tee /dev/stderr |
+ yq -r '.spec.rules[0].http.paths[0].path' | tee /dev/stderr)
+ [ "${actual}" = '/' ]
+}
+
+@test "server/ingress: vault backend should be added when I specify a path" {
+ cd `chart_dir`
+
+ local actual=$(helm template \
+ -x templates/server-ingress.yaml \
+ --set 'server.ingress.enabled=true' \
+ --set 'server.ingress.hosts[0].host=test.com' \
+ --set 'server.ingress.hosts[0].paths[0]=/' \
+ . | tee /dev/stderr |
+ yq -r '.spec.rules[0].http.paths[0].backend.serviceName | length > 0' | tee /dev/stderr)
+ [ "${actual}" = "true" ]
+
+}
diff --git a/values.yaml b/values.yaml
index e0dcf29..cb4d4d6 100644
--- a/values.yaml
+++ b/values.yaml
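Review bot: None of the three tests in test/unit/server-ingress.bats renders the `tls` branch of the template, so the `spec.tls` block and its `secretName` line ship unexercised. That is the branch that decides whether the exposed Vault endpoint gets a certificate, so I would add a case that sets one `server.ingress.tls` entry and asserts on the rendered secret name. The `example-tls` value below is a made-up name for the test only.

```bash
@test "server/ingress: tls block is rendered when configured" {
  cd `chart_dir`
  local actual=$(helm template \
      -x templates/server-ingress.yaml \
      --set 'server.ingress.enabled=true' \
      --set 'server.ingress.tls[0].hosts[0]=test.com' \
      --set 'server.ingress.tls[0].secretName=example-tls' \
      . | tee /dev/stderr |
      yq -r '.spec.tls[0].secretName' | tee /dev/stderr)
  [ "${actual}" = 'example-tls' ]
}
```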
@@ -23,6 +23,24 @@ server: # memory: 256Mi # cpu: 250m + # Ingress settings + # Enabling it a ingress will be created which will manage external access to the + # cluster, very useful if you want to expose the Vault UI + ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: [] + + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + # authDelegator enables a cluster role binding to be attached to the service # account. This cluster role binding can be used to setup Kubernetes auth # method. https://www.vaultproject.io/docs/auth/kubernetes.html
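Review bot: The comment above `ingress:` does not mention that the defaults leave `tls: []`, so switching `enabled` to true publishes the Vault UI and API through an Ingress with no TLS section unless the operator fills one in. Whether the controller then serves plain HTTP depends on its own configuration, which this chart does not show. I would extend the comment, e.g. `# Set tls below (or terminate TLS at the controller) before enabling; Vault tokens travel over this route.` The default `paths: []` also deserves a comment or a `/` default, since the template renders an empty `paths:` key for it.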